After RBI issued a warning about AnyDesk app, SBI has become the newest banking institution to warn its customers. State Bank of India, the largest lender in the country, has issued a warning to its account holders about suspicious WhatsApp messages that reportedly trick them to share personal banking details. The bank said that it is aware of some account holders getting such messages via WhatsApp and other social media platforms. These messages reportedly advise them on OTP (one time password) as well.
How the new WhatsApp scam works
First, it tries to win the trust of the victim by sending messages that educate the user about OTP (one time password). The hackers aim to win the trust of victim which would result in them sharing the actual OTP. The WhatsApp message in some cases reportedly comes with a link that would simply install a malicious app in the background. This malicious app is then used to get OTPs from a user’s phone and this becomes the second part of the scam.
The scam works similar to other phishing scams where a fraudster calls posing as a bank employee and talks about renewing or upgrading existing debit/credit card of the victim. The fraudster then asks for debit/credit card number, CVV, expiry date of the card in the name of upgrading to a new card. After that the fraudster would tell the victim that they will receive an SMS or WhatsApp message to confirm the card upgrade.
The victim generally receives a SMS or WhatsApp message with a link which the victim believes is for card upgrade confirmation but is actually used to install malicious software on the device. The malware redirects all OTP SMSes to the fraudster’s phone. Since the fraudster already knows details of your card including CVV, it becomes easier for them to initiate transactions. In case someone is affected by such an issue, the banks allow them to claim refund by reporting it within three working days.
Watch: Oppo 10x Lossless Zoom First Look
How to report banking fraud
In order to report debit or credit card fraud, banking customers need to call at 1-800-111109, and share details about the fraud officially with their banker. The fraud can also be reported via SMS by typing “Problem” and sending it to 9212500888. SBI users can report the fraud on Twitter by sending message to @SBICard_Connect. SBI notes that if any fraud occurs due to its fault then the customer stands to get full compensation even when it is not reported. The refund is not applicable when the loss is due to the person’s negligence or when they shared their personal banking details.