Pages

Tuesday, 11 May 2010

Mobile Banking and phishing

Online fraudsters continue to use advanced methods with their victims. Now a phisher has de-activated a bank's mobile alert system.

An SMS alert informing money withdrawals was blocked by phishers after fraudulently obtaining online banking information of a Chennai (India) based victim through a phishing e-mail. A first-of-its-kind case reported here, a thorough probe is under way to find its modus operandi.

The victim received the phishing e-mail in February supposedly sent from a his bank where he held an account with online and mobile banking facility. “Taking it for real, the complainant responded to the e-mail asking to update his online and mobile bank account to refrain from debarment,” said Additional Deputy Commissioner of Police (Cyber Crime Cell) M. Sudhakar.

The victim realized that all the money from his account was withdrawn only after visiting an ATM a few days later. Puzzled about not receiving any SMS alert on his mobile phone on the withdrawal, he contacted the bank and later, lodged a police complaint.

Preliminary police investigations revealed that the phishing mail was sent from Lagos in Nigeria and Rs. 60,000 that was illegally transferred from the victim's account was deposited in two bank accounts in Lucknow and Jaipur. The accounts were blocked immediately and sums of Rs. 43,000 and Rs.17,000 were recovered from them.

“After obtaining confidential online banking details of the complainant through the phishing e-mail, the culprit de-activated the SMS alert in order to keep the victim unaware of the money transfer from his account as long as possible,” Dr. Sudhakar said.

This is the first case reported here, in which an SMS alert was blocked before money transfer, he added.

Even though the money lost was minimal, the Cyber Crime Cell carried out a detailed investigation into how the phisher in Lagos managed to go to the extent of deactivating the mobile alert system.

On the other hand, police search to track the account-holders of the bank accounts in Lucknow and Jaipur hit a barrier after it was found to be opened for non-existing business houses.

He also said that illegal online money transfer could be reduced, only if banks would verify with the respective customer on every request for an online money transfer from overseas. “The culprit in Lagos cannot be apprehended as there is no international law to extradite him.”

Referring to the case, city Police Commissioner T. Rajendran said that an international body to investigate cyber crime is essential. “The number of arrests made in cyber crime cases here is very low now as most culprits operate from overseas,” he added.