Bengaluru: With internet banking gaining popularity, the cyber criminals too are resorting to innovative techniques to dupe vulnerable customers of their hard-earned money.
While tricks such as phishing, vishing, smishing, and pharming have become passé and with people being more aware nowadays about online lottery and donation scams, the fraudsters have found a new way to dupe people using a novel modus operandi.
Interestingly, these fraudsters tried to trick a person from Bengaluru, but he was alert enough to foil four of 10 fraudulent transaction attempts made in just five minutes.
Their modus operandi is as follows. The scammers use stolen credit and debit card numbers to carry out transactions on international websites. The advantage of carrying out transactions on such sites is that no one-time password (OTP) is required, which is one of the most important security features in the online banking sector.
With the card number, expiry date and the CVV number, you can book airline tickets and do other online transactions.
Prabhakar Shetty, a senior director of financial services at an IT major in the city, was in for a rude shock when he received a debit message on his mobile phone. Shetty’s credit card was used to book an air ticket from Delhi to Mangaluru and interestingly, he did not receive any OTP which is generally required to complete a transaction.
“I was shocked after looking at the message. I immediately called up the bank and got my card blocked. In a matter of just five minutes, 10 transactions were attempted on different international portals of which six got through,” Shetty said.
He approached his bank and got the details of the series of fraudulent transactions made on July 24, ranging from $ 1 to $ 200. In one transaction, an air ticket from Delhi to Mangaluru was booked on the name of Kunal Chalotra using Shetty’s credit card. The transaction was made through a US-based travel portal Orbitz.com for $134.14 dollars. Subsequently, a payment of $13.79 was also made to NETFLIX by the fraudster. The victim does not receive any OTP for both transactions. The transactions were carried out in dollars, euros and Malaysian ringgit.
The victim has approached the Cyber Crime police and lodged a complaint in this regard. The police were of the opinion that it was a first-of-its-kind case in which international portals were used to carry out fraudulent transactions. We are investigating.
How do fraudsters collect data?
According to a source, the scammers allegedly establish a link with cashiers (having criminal intentions) at shopping centres, hotels and other establishments and collect the 16-digit debit or credit number along with the three-digit CVV number printed on back of the card and expiry date. Once it was handed over to the scammers, they carry out transactions at ease and share commission with the person who had shared the card info.
“The criminals do not carry out a single transaction. They make sure that a maximum amount utilised from the victim's account and thus make multiple transactions on different International portals within a span of minutes. It gives very less time for the victim to respond and by the time the victim approached the bank, the scammers would carry out many transactions,” the source said
