Home ›› 05 Nov 2022 ›› Front
Mobile financial service (MFS), also commonly known as mobile banking, is one of the mediums to transfer money in minutes and this method has become very popular in recent days.
But many fraudsters have figured out various ways of cheating and fraud by exploiting the MFS providers’ apps.
The fraudsters transfer the money to their account using MFS mediums after getting the security PIN or verification code from the users by posing as officials of the service providers or by luring them with the promise of a fake prize or lottery win.
According to law enforcement agencies, the fraudsters are embezzling and making away with large amounts of money from customers due to the connivance of some unscrupulous staff of MFS companies and agents and a lack of knowledge about technology among users.
Law enforcement officials said that mobile banking has become the most active medium for digital fraud. Although law enforcers have arrested many people at different times, their influence cannot be stopped.
They also said that it is difficult to prevent such fraudulent activities if the customers are not more aware and secure.
Over 17.85cr MFS accounts
There are currently 13 entities, including bKash, Rocket, Nagad, mCash, and upay, that provide mobile financial services around the country, according to the Bangladesh Bank (BB).
As per BB data, at the end of June this year, the number of registered MFS customers is more than 17.85 crore and over 6.42 crore of them are active.
At the same time, the number of mobile banking agents stood at over 14.67 lakh. Also, more than Tk 94,293 crore was transacted through these services in June, it said.
Nowadays MFS is not limited to sending and receiving money anymore. People are also using these services for daily shopping, paying various bills including utility ones, and mobile recharge.
Via mobile banking, people are paying salaries of drivers and maids in Dhaka and many other cities and towns and labourers are now sending money to their families in remote villages.
In March this year, during a webinar on this issue, the Policy Research Institute of Bangladesh (PRI) said in most frauds, a customer loses an average of Tk 9,219 and most of these incidents happened in Dhaka Division. Most of the fraudulent activities were carried out using unregistered mobile SIM cards.
Frauds’ techniques
Sources said the fraudsters are spreading their nets and using various methods to steal people’s hard-earned money with the number of customers and money transactions via mobile banking significantly rising in recent times.
Talking to The Business Post, law enforcement officials shared some of the tricks fraudsters use.
On August 25, the police’s Criminal Investigation Department (CID) arrested four people including a distributor sales officer of bKash for swindling money from mobile banking users.
CID’s Special Superintendent of Police Rezaul Masud said these fraudsters used to call an MFS customer or agent and identified themselves as officials from that company’s head office. They would say there were some problems with the account and needed their information to fix them and update it.
They stole money from the account after tricking the customer or agent and managing to collect their PIN and one-time password (OTP), he said.
Some fraudsters lurk at the shops of MFS agents and collect the phone numbers of the person who just received money from the sender. They call the receiver right away and plead that the money was sent to them by mistake. They then persuade the receiver to send the money back.
Later, when the original sender calls to check whether he/she received the money, the victim realizes that they have been cheated.
Masud said the fraudsters also use various ruses and mathematical tricks to deceive and steal the PINs of unsuspecting customers use for their MFS apps or accounts.
For example, a fraudster, identifying themselves as an official of an MFS company, will call a customer and say there is a problem with their account. He/she does not ask the customer to share their PIN; rather they give the customer a set of random numbers and ask them to put the PIN before or after that set of digits.
Afterwards, they ask the customer to share the full set of digits in the name of confirming the customer’s identity or checking account security. Once the customer shares the digits, the fraudsters simply disregard the digits they sent and easily figure out the PIN.
The fraudsters also use another method that is similar to the aforementioned one with a slight difference. Putting this trick in play over the phone, a fraudster asks a customer to open the calculator app and add or multiply the amounts of money he/she received the last two times. Then they ask for the result.
Afterwards, the fraudster tells the customer to add or multiply their PIN with that set of digits and asks them to share the final result. Once they do, the fraudster simply subtracts or divides and easily figures out the PIN.
Another way the fraudsters hack into the MFS accounts is that they call a customer and tell them that Tk 10,200 or Tk 7,000 is set to be credited to their account and that would happen if they share the OTP they will get in 30 seconds via text message. Once the victim shares the OTP, it helps the fraudsters hack the account.
Spoofing
There are several police units that work to combat all types of cybercrime, including mobile banking fraud.
Some members of these units said the fraudsters use paid versions of some phone cloning apps. But they did not mention the names of these apps for the sake of their investigations and security concerns.
Senior Assistant Commissioner (Cyber Crime Investigation) Dhruv Jyotirmoy Gop, of Dhaka Metropolitan Police’s Counter Terrorism and Transnational Crime Unit, told The Business Post that some of the apps the fraudsters use are available on the Google Play Store.
Anyone can generate fake numbers using these apps and make phone calls. This is called spoofing. When someone calls using these apps, the caller’s number looks like the customer care numbers of MFS companies or even phone numbers known by the receiver, he said.
But these numbers are never the same. At least one digit appears different. For example, a plus (+) sign or 0 (zero) or +8 can appear in front of the desired number, he added.
Regarding the use of illegal SIM cards, Dhruv said that many buy SIMs from roadside shops without considering or understanding the security concerns. They have to show their national identity card to buy a SIM. Later, the fraudsters photocopy the card and use it to buy a new SIM.
What authorities say
Shamsuddin Haider Dalim, head of corporate communications at bKash, told The Business Post, “The transaction in mobile banking is done digitally. There is no human contact. So, two things are important here. First is the PIN and second is the OTP that is required before entering the PIN for the transaction.”
These two things are customer property. They can never be shared with anyone. If that’s ensured, the transaction will be 100 per cent secure, he added.
Dalim said, “No MFS entity ever wants to know anyone’s PIN or OTP. The moment it is asked for, there is a problem. If that happens, the victim can contact the customer care of the concerned company or inform the law enforcement agencies right away.”
Special Superintendent of Police Muhammad Rezaul Masood, of the CID’s Cyber Crime Division, said many people do not file a case or complaint if the money they lost is a small amount or to avoid legal complications. People do not even file a simple general diary to avoid trouble.
“We have made many arrests at different times. But it’s difficult to prevent such fraudulent activities if the consumers are not more alert,” he added.
