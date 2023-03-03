Mumbai Cybercriminals targeting citizens with “electricity bill” frauds seem to have moved on to a new modus operandi – they are now using the threat of suspension of bank accounts to prompt unsuspecting citizens to click on links sent by them with fraud banking messages.

After electricity bills, cybercriminals now use banking messages to con citizens

After a sudden spate of fraud text messages in the name of banks, the Mumbai Cyber police have in a preliminary analysis have found that the links in the messages are exactly like the ones that were earlier being sent in the name of electricity suppliers.

The police said the slew of messages began around two weeks ago, with scores of people all over the country getting messages, all saying the same thing: ‘Dear Customer, your account will be suspended today. Please update your KYC/link your PAN.’

The message includes a link, which supposedly allows customers to update their Know Your Customer (KYC) details or link their PAN cards to their bank accounts. The link, however, is designed to steal the victim’s net banking or card details.

Opening the link leads the victim to a form to be filled in, which asks for all details like net banking log in credentials and debit or credit card details. As soon as these are entered, the cybercriminals log in to the victim’s net banking accounts and start transactions.

The victims get a One Time Password to authorise the transactions but there is also a separate field in the form for this OTP. The victims, thinking that this is part of the process, enter the OTP in the form and the money is debited from their accounts.

“The modus operandi and the structure of the web pages is exactly like the ones we saw in cybercrimes that were perpetrated in the name of electricity bills. We are analysing the trend further,” said Balsing Rajput, deputy commissioner of police (Cyber).

Till recently, citizens received messages saying that their electricity supply would be cut off, as they had not paid their bills. The messages were accompanied with links where the victims were ostensibly supposed to update their bill status, the links were designed to capture sensitive banking or card details.

“Earlier, the fear of electricity being cut off led the victims to enter their details, this time round they are being fooled because the messages are in the names of banks. Hardly anyone thinks twice about entering their banking details if they believe that they are genuinely dealing with their bank,” said a Cyber police officer.

“We are analysing the mobile numbers used in these cases as well as the Internet Protocol addresses associated with the numbers to check for any more links between the electricity bill scam and the banking scam,” said the officer.

The officer added that most of the messages are being sent in the name of the HDFC Bank, while a few had used names of other banks as well. HDFC, too, has issued an advisory through its social media pages, cautioning customers against falling prey to the scam.

“Protect yourself from fraudsters! Always check that messages from HDFC Bank come from the official ID HDFCBK/HDFCBN and links start with hdfcbk.io. Do not click on links or respond to unknown numbers requesting PAN/KYC updates or other banking info,” HDFC has said in a tweet posted on February 27.

In last five days, a total of 23 cases have been registered all over the city where victims lost money to this modus operandi. The money lost was in various amounts, ranging from ₹19,607 in a case registered by the Tardeo police to ₹3.99 lakh in a case registered with the Agripada police.

Besides, three cases each are registered in the Gamdevi, Oshiwara, Shivaji Park and VP Road police stations and one case each in the Andheri, Bhoiwada, Byculla, DB Marg, DN Nagar, Ghatkopar, NM Joshi, Parksite and Vakola police stations.