Only the other day we were discussing with a few
bankers about the fact that online frauds or crimes are still very low in India
compared to advanced countries. We justified this with another fact that
millions of Indians are still ignorant or have no online presence. And just the
next day I had a close shave from a potentially serious credit card fraud. We have
heard a lot about card protection in terms of safeguarding against phishing or
seemingly genuine emails asking for personal information, dubious text messages,
stolen or lost cards, taking care while shopping or at the ATM machine,
skimming and so on. But to find out what exactly defines my experience I had to
surf the net for a while finally resting on a term ‘Tele Phishing’.
During a very busy day in office I received a call
from a lady who identified herself as a bank executive of the private bank with
which I had multiple and most frequently used credit card accounts. As I had
been used to getting such calls from very similar sounding lady executives I took
the call casually while going on with my work. The lady informed me that as per
the RBI guidelines the bank had decided to issue a new card replacing my
multiple accounts and the new card had a host of benefits with no payment
liabilities.
I had three weak points at that point of time: 1. I was attending the call
in a casual way not disturbing my office work; 2. I did not suspect her
identity as a bank executive while noticing that she had called me from a
mobile number, and 3. I in fact wanted a single account since I was using only one
particular credit card all the while and did not need the other cards. And the
smart lady capitalized.
I started giving all information as she wanted
including date of birth, card number and the three-digit CVV (Card Verification Value) number
on the back of the card. The executive informed me that there will be such
amount of reward points and a onetime payment that would be reflected in the
statement but would be adjusted against the reward points. One part of the reward points would be paid by the bank in cash. I was also told that
a business firm would call me for my confirmation so that the gifts could be
couriered to my home address. Indeed, the supposed business firm called
immediately and gave the list of my gifts like T-shirt, credit card pouch, wrist
watch and so on. Then the lady called me again that the bank has sent me a text
message containing a six-digit number the last three digits of which would be
the CVV of my new card. I saw the private bank name in the sender ID of the
text message and so assured read out the number to her.
Maybe the lady executive and her accomplice had one
weakness at this point—they were becoming too greedy.
She called again asking for my second credit card
details. I was piqued at that time and asked her how many cards were going be
issued since she earlier told me that one single account would replace all
others. She quickly told me that two cards were being issued. I was not
convinced, but at that time the office peon came in with a bunch of papers for
signature and so I went on with her while doing my work. The same process was
repeated including the bank text message containing the second six-digit number.
Suddenly I developed cold feet realizing that I had
given all crucial information of my cards. Immediately I checked the text
messages sent by my bank and to my horror I found that those contained OTP (One
Time Password) numbers which are generated during online transactions.
Fearing that transaction alerts amounting to
God-knows-what figures might come any time I panicked and with trembling hand dialed
the bank customer helpline. Luckily I got to speak to a customer service
executive immediately. I asked him if the bank was going to issue new cards
rushing through my experience. The executive was not sure and so I immediately
requested him to block all my cards and not entertain any transaction that
could come any moment.
I got one more text message from the bank containing
another OTP. The smart lady called up next requesting me to tell her the number
informing me that the earlier number was invalid. I wanted to make sure one
final time. I asked her ‘Where are you calling from?’
‘From …. bank’. She replied, a little surprised.
‘Prove that you belong to the ….. bank.’ She fell silent.
‘Prove or I’m giving your number to the police right
now.’ The line was cut instantly.
I think credit card protection is hardly enough even
now. The banks should adopt preventive measures, issue regular notifications
and should announce that their executives will call customers always from
authorized office landlines and not mobiles. In my experience real executives
did call from mobiles at times.
I had a close shave. You should learn from this and
prevent such frauds. Be ready anytime to thwart tele phishing or any other
attempts to fool you. The numbers that were used in this fraud are, 08459490706 for the bank executive and 08130486175 for the trader. Seem to be
purely Indian and this means fraudsters are trying to make it big in India now.
Beware!
