Online theft cases using remote access apps on the rise
PUNE: An increasing number of people are falling prey to online theft using screen-sharing applications that allow remote access to mobile and computer devices.
The two screen-sharing applications most widely used by fraudsters to steal money from people online are AnyDesk and Teamviewer Quicksupport, according to officials of the cybercrime cell of Pune city police. These applications can be used by the same person for multiple personal devices owned or for remotely accessing other appliances including mobile phones, laptops and desktops.
According to Vidya Jadhav, police inspector of Unit 2 of the cybercrime cell of Pune police, “These applications are generally used under the guise of know-your-customer (KYC) fraud or updating SIM and ATM cards so people tend to grant access easily.”
An official of the cybercrime cell who records data for the cell said, “Every single day of this year, we have had at least one or two cases of remote sharing applications used for stealing money. Since these applications are most of the time used to steal card data and misuse it, it gets registered as bank and card frauds. While individual amounts are always small compared to other methods of hacking, given the number of such cases, the collective amount is substantial.”
Even the website of one of these screen-sharing applications states, “With your first session request, you will also receive a security message urging you not to grant access to anyone you don’t know. Make sure that you trust the person contacting you and only then accept the request. Thereafter you can start your presentation and everything you do on your phone will be visible to your guest.”
Bhagyashree Navatake, deputy commissioner of police, cybercrime cell, warned, “The methods to protect yourself from such attacks are to format your systems regularly. Do not click on unknown links or download applications unless they are sent by people well known to you. Even if you do use screen-sharing, do not share the screen with unidentified people.”
Due to the risk associated with these applications, many companies are avoiding using them. An IT professional, 30, who did not wish to be identified, said, “Most companies have consciously decided not to use AnyDesk as it is highly unreliable. There is a code on the screen which, upon sharing, gives complete access to your screen. A lot of companies have found it to be problematic.”
The elderly in and around the city however, who find it difficult navigating new technology without guidance, are proving to be soft targets for fraudsters. A man, 79, from Warje Malwadi was duped of Rs1 lakh in a credit card fraud after the accused managed to acquire his credentials while tracking a courier sent by the complainant. A case was registered at the Warje Malwadi police station on June 1. Turns out the accused got access to the senior citizen’s mobile phone screen and urged him to use his credit card to pay Rs5 just to know his confidential information like the CVV. Using this information gathered unbeknownst to the senior citizen, the accused used his credit card for online transactions worth Rs1 lakh, according to the police.
It is learned that the trend of online theft using screen-sharing applications began in 2020 when major financial transactions started taking place online. For instance, the pandemic-induced lockdown necessitated cancellation of multiple flights leaving many passengers in want of refunds on their flight tickets. In one such case, a woman from Pune, 54, was duped of Rs3.2 lakh while trying to claim a refund on a cancelled flight ticket. On October 20 when she was trying to get a refund on a flight from Chennai to Pune that she had booked, she got the number of the concerned airline online and made a call. However, the person who answered the woman’s call made her download two applications which gave him remote access to the woman’s mobile phone in which her bank data was saved. Once she downloaded the apps, he asked her to send a message and using the same, he managed to siphon money from three bank accounts of the complainant and her family members.
· Callers ask victims to download the applications from app stores, or send links
· The applications cannot share screens without sharing the code number which appears initially
· In most cases, bank card or third-party payment application transactions are carried out using this method
· The accused gets access to the screen and by extension, the OTP for payments without the victim’s knowledge.