Wednesday 19 July 2023

Close Shave with Bank Hackers


Terms like phishing and hacking have been swirling around in TV channel discussions and in newspapers, with cyber experts listing out the precautionary steps to be taken. Banks also bombard us with text messages, often to the point of clogging our phone storage space, urging us to never share the one-time password (OTP) with anyone and reminding us that no bank official would ever ask for it.

But cybercriminals continue to thrive and find newer methods to fool bank customers, and every second day there are reports of people losing their hard-earned savings to phishing attacks. The other day a hacker came dangerously close to wiping out my bank balance.

I was trying to make an online payment for the monthly apartment maintenance fee. But for some inexplicable reason, I was not getting the OTP on my registered mobile number and hence could not clear the final step of the money transfer. After a couple of attempts, I gave up and decided to pay some other day.

However, later on, I decided to tweet about it, wondering whether mine was an isolated case or a glitch in the bank’s bulk mail mechanism. Minutes later I noticed that there was a reply from a Twitter handle displaying the bank logo and apologizing for the inconvenience caused, along with a helpline number.

A couple of hours later I thought of giving the number a try. The number looked a bit odd as most banks have a 12-digit helpline number starting with 1800… while this was a straight 10-digit mobile number. But I let it pass.

When I rang up the number, the usual paraphernalia associated with banks’ helpline numbers was missing - no answering machines welcoming me and directing me to press this or that number. Instead, there was a guy at the other end and he was conversant only in Hindi. 

I told him about the issue and after a brief pause, he said that for identification purposes I needed to tell him my permanent account number (PAN), issued by the Income Tax Department. In hindsight, I realized this was the first stage of the trap and I fell for it. Soon after I shared my PAN number, I heard a message beep on my phone.

He asked if I got a message. When I checked my phone’s message folder, I found a fresh one had landed on the bank’s message thread. He then told me to share the OTP mentioned in the message. 

The moment he said that I smelled a rat. I was reminded of the numerous warning messages banks had sent against sharing OTP. I immediately disconnected the call. This was followed by a flurry of incoming calls, and my phone’s Truecaller app traced them to disparate locations such as Lucknow, Patna, and Kolkata. I refused to take any of these calls.

I then took a closer look at their Twitter handle. I noticed that it was riddled with typos and grammatical errors and did not have a blue tick. Even in the title ‘cares’ was spelled as ‘caress’. After the calls stopped, I got a text message, ‘sar coll me’ [sic]. 

I immediately left for the bank and told the executive about not receiving the OTP. I also told him about this shady helpline and my refusal to comply with their dubious demand. The executive remarked, "Sir you have been saved."

He explained that they were actually hackers and had I given the OTP I would have lost all the money in the account. He claimed the bank keeps receiving such complaints and recently even one of their employees got conned in a similar fashion!


2 comments:

  1. Lucky escape. Your experience will be an eye-opener to many.

  2. Really close shave, Shajil. Scary
