Cyber Crimes

PayTM KYC Frauds

In these frauds, the unsuspecting victim gets one of those messages that are sent in bulk to unspecified targets by the fraudsters. These messages come from a message ID that looks deceptively similar to PayTM and the gist of the message is that the recipient needs to get the KYC done for his or her PayTM account otherwise the account would be blocked. The fraudsters mention a mobile number that the recipient needs to call in order to get the KYC done.

When the recipient calls on the given number, the fraudster pretends to be someone working for PayTM and asks the caller (the unsuspecting victim) to install a remote viewing Application such as Anydesk or Quick Support App. He, then, induces the victim to share the Anydesk (or other similar App) ID. After convincing the victim that it is an important step in the verification process, the fraudster, using the Anydesk App installed on his mobile, takes the remote access of the mobile phone of the victim by urging him to accept the remote access attempt. After that, the fraudster gets access to the bank account and e-wallets of the victim and illegally transfers as much money as he can to his own accounts or to that of his associates. In these frauds, the victims end up losing up-to several lakhs of Rupees. It must be noted that while all this goes on, the fraudster does not let the victim hang up the phone lest he/she should see the bank messages regarding the unauthorized transactions that are being done by the former. Once the fraud is complete, the swindler cuts the connection. By the time victim realizes what has happened, they end up losing a lot of money; sometimes even their life savings.

There are other variants of the fraud. Thus, fraudsters pretend to be Customer Care executives of a company in whose services the victim has shown interest, either through online search or through portals such as JustDial. To provide the online service, they ask the victim to download the remote viewing App and also make a small, token payment (Rs.1/2/5). While the victim makes payment, they capture the card credentials and using the remote access to victim’s phone, make multiple, unauthorized UPI transactions.

Safety Precautions:

1. Always treat unsolicited callers/emails/SMSes with suspicion.

2. Never share credit/debit card details with anyone claiming to be bank official or customer care executive.

3. Never enter card details in online form sent by the caller. Your credentials might be stolen.

4. Do not download remote access Apps as fraudster will get access to all your messages and emails.

5. Never click on links in Phishing messages/emails appearing to come from government organizations, officials, banks, etc. They install malware/ spyware on your device.

6. Be cautious while scanning a QR code sent for receiving payment. You may lose money from your account.

7. Be careful of fake customer care number appearing in web search. Use two-factor authentication (Password + OTP) for all online accounts.

  • How to make a complaint:

    1. Brief facts of the complaint explaining how to come in contect with the alleged person/website and subsequent fraud

    2. Take a screenshot/Copy of the alleged SMSs/Profile/Emails

    3. Collect documentary evidence (e.g. screenshots, bank transaction statements, etc.)

    4. Lodge a complaint in your nearest Police Station describing complete incidence along with the above mentioned documents.

    5. Save the soft copy of all above mentioned documents in soft form and provide them to the Investigating Officer on a CD-R and also give hard copy.