HDFC Bank Ltd has warned its internet banking users about an app called AnyDesk which is being used by fraudsters to steal customers’ money through the unified payments interface (UPI). Apps like AnyDesk help fraudsters to gain unauthorized access to a victim’s mobile device and carry out transactions, not authorised by the bank account holder otherwise. AnyDesk is an application for smartphones, including Google's Android platform, which allows remote control of devices. In messages shared with customers, HDFC Bank said, “Beware! Fraudsters may ask you to download AnyDesk App and share a 9-digit code which gets them access to your phone to steal money. Do not share your card details / OTP / PIN with anyone and report any unusual activity immediately to the bank.”
In February, the Reserve Bank of India (RBI) had also said that AnyDesk is capable of acquiring full access to your smartphone and would let fraudsters carry out banking transactions remotely. In its official mailer, the HDFC Bank has detailed how the fraudsters lure victims. Here is what they say.
- You may receive a phone call from a fraudster, who will claim to be a representative from a tech company/bank offering to fix issues in your smartphone or mobile banking apps.The fraudster will then ask you to download a mobile app like ‘AnyDesk’ from Play store or App Store, which can provide him with remote access to your mobile. Then the fraudster will further ask you to grant him certain permissions. Once granted, the fraudster is now in control of your mobile device. Further, mobile banking credentials and PIN are stolen from you and the fraudster can now choose to carry out financial transactions from your mobile app. The fraudsters also forward one SMS to you and advise you to forward it to a specific mobile number from your phone. On the basis of this, the fraudster is able to link/register your mobile number/account with UPI on his own mobile device.
HDFC Bank also warns that the fraudsters will subsequently seek confidential account-related credentials like debit card number, PIN, expiry date, OTP and sets the MPIN which is then used to authenticate transactions.
In some guidelines released by HDFC Bank regarding the AnyDesk app to help its its customers keep their money safe, they say a user shouldn't download any apps on their phone or share any confidential information upon the demand of any unknown caller.
- Be alert to fraudulent calls that ask you to download apps or share confidential information (disconnect such calls immediately).
- In case you have already downloaded “AnyDesk” app and it is no longer required, uninstall it immediately.
- Please enable app-lock on your payment or mobile banking-related apps.
- Report any suspicious activity at your nearest bank branch/genuine customer care number only.
- Do not share your banking passwords or store them in your mobile handset.
- Do not share your other sensitive financial details on call such as UPI pin/MPIN, Debit/Credit Card, CVV, expiry date, OTP, ATM pin, bank account details, etc.
- Don’t allow a stranger to guide you to install a mobile app through App Store/Play store, or instruct you to change the setting of your mobile.
- Do not rely on customer service numbers of various merchants/entities/ banks etc retrieved via Google search, since they can be fake.
- Do not forward any unsolicited SMS received on a request of so-called representative from a tech company/bank.