A 73-year-old woman was allegedly duped of Rs 2 lakh by cyber fraudsters under the pretext of updating the KYC details of a bank in central Mumbai. The Know Your Customer (KYC) process allows financial institutions to authenticate the identity and address of the customer they are onboarding. But cybercriminals are exploiting the very system designed to protect consumers' financial and personal information.
What is KYC Fraud?
KYC fraud typically involves fraudsters impersonating bank officials or representatives of financial institutions. As per the Reserve Bank of India, the modus operandi for such frauds usually involves customers receiving unsolicited communications, including phone calls/SMS/emails, through which they are manipulated into revealing personal information, account/login details, or installing unauthorized or unverified apps through links provided in the messages.
Such communications often employ tactics of creating a false urgency and threatening of account freezing/blocking/closure, if the customer fails to comply. When customers share essential personal or login details, fraudsters gain unauthorized access to their accounts and engage in fraudulent activities.
How the Scam Worked in the case of this 73-year-old woman in Mumbai:
- Phishing Text: The victim received a text message claiming that her bank KYC was expiring and needed to be updated.
- Fake Link: The message contained a link that led to a fraudulent website designed to steal personal information.
- Information Theft: The victim's son entered the requested details on the fake website, unknowingly sharing sensitive information.
- Unauthorized Transactions: The scammers used the stolen information to make unauthorized transactions from the victim's bank account.
- The victim lost a total of Rs 2 lakh in two separate transactions.
The fraud came to light after the woman's son approached the Mahim police station with a complaint on Monday, a police official was quoted as saying by PTI.
As per the complaint, the woman received a text message on Sunday mentioning that her bank KYC was expiring and she had to update it immediately, he said. The woman then asked her son to update the details on a link mentioned in the message, and as he started filling in the information, she received an SMS saying Rs 2.2 lakh had been debited from her bank account. After sometime, the amount was credited to the account, but again, Rs 2 lakh was siphoned.
More From This Section
The complainant went to the bank's local branch to report the fraud and approached the police after putting in a call on the helpline number. A case has been registered under relevant provisions of the Bharatiya Nyaya Sanhita and Information Technology Act.
How Should You Detect KYC Scam?
KYC scam detection involves being vigilant about unsolicited communication from unknown sources, claiming to represent financial institutions. "It's important to remember that genuine banking entities will never ask for sensitive information like account details or passwords over the phone or via email," said HDFC Bank in a blog post.
What are the Dos and Don’ts to Prevent KYC Fraud?
In the wake of an increasing number of KYC updation frauds, the Reserve Bank of India (RBI) has outlined the Dos and Don’ts:
Dos
- If you receive a request for updating your KYC, directly contact your bank or the financial institution for confirmation.
- Obtain the contact details of the bank or financial institution only via their official website.
- In the case of any cyber fraud incident, inform your bank or financial institution immediately.
- Enquire with the bank branch to confirm the available methods of updating KYC details.
- To keep abreast of changes associated with KYC, you ought to read paragraph 38 of the RBI Master Direction on KYC, dated February 25, 2016.
Don’ts
- Do not share account login credentials, card information, PINs, passwords and OTPs.
- Do not share KYC documents or copies of KYC documents with unknown or unidentified individuals or organisations.
- Do not share sensitive data or information via unverified or unauthorised websites or applications.
- Do not click on suspicious or unverified links received on your mobile or email.
- Additionally, to prevent falling victim to a KYC scam, you should:
- Regularly review bank statements for any unauthorised transactions.
- Update contact details with the bank to ensure you receive legitimate communication.
- Use secure networks and devices for online banking.
- What steps should you take in case of KYC fraud?
In the unfortunate event of encountering KYC fraud, inform th the bank and the local police. Compiling all related information and documenting evidence such as screenshots and call details is crucial for further investigation.
In the case of financial cyber fraud, individuals must immediately lodge a complaint on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or via the cybercrime helpline (1930).
Staying vigilant and reporting suspicious activities immediately can help mitigate the risk of KYC fraud. If approached for KYC updates or any other personal information, always verify the authenticity before responding. It's also advisable to lock sensitive personal information, like biometrics, which can be done through official government portals.