We all get One Time Password (OTP) and other confidential bank information on the mobile numbers linked to our bank accounts. Banks and other financial institutions as well as e-wallet companies regularly ask customers not to share these mobile OTPs with others, not to disclose personal details with anyone on the pretext of mobile KYC and SMS alerts of all transactions. Warns to keep mobile numbers updated with banks. Customers need to be on constant alert because fraudsters keep developing new tools and techniques to dupe gullible citizens. A new weapon has been added to this list, its name is ”. It is a technique in which the sender’s information is converted into SMS text. It allows one to send SMS as the other’s identity. In simple words, an SMS spoof is one where the sender’s name and mobile number are changed to pretend to be someone they are not. In our case i.e. in banking, the sender id is usually changed to make the SMS appear valid and genuine from the bank.
How SMS spoofing works
The fraudster will send you an SMS and ask you to forward it to a specific number from your registered bank mobile number. Once you forward the SMS, the scammer is able to link/register your mobile number with UPI on your smartphone. If needed, he can call you later asking for account related details like Debit Card Number, ATM Card PIN, Debit Card Expiry Date and OTP. Obtaining these credentials allows him to generate a Mobile Banking Personal Identification Number or MPIN for your account registered on his device. This MPIN will later be used to authenticate the transaction from the bank account. In some cases, the scamster may send a ‘collect request’ to your UPI ID and ask you to accept the request. This is usually done on the pretext of giving a refund. This trap, set for the gullible, can end up in authenticating transactions, losing money.
[Attribution to NBT]