ATM & Branch Locator
Pradhan Mantri MUDRA Yojana (PMMY)
Emergency Credit Line Guarantee Scheme (ECLGS)
Overseas (Nostro) Account
NRI Banking FAQs
Funds Transfer from Abroad
Travel Currency Cards
QR Payment Solution
Corporate Internet Banking
GoMo - Mobile Banking
Saraswat UPI on BHIM
24/7 Phone Banking Service
Missed Call Service
NETC - FASTag
Saraswat Bank on WhatsApp
Bank On Tab
Positive Pay System
Online Dispute Redressal (ODR)
Re-KYC of Individual Customers
Saraswat Bank Rewardz
Utility Bill Payment Cash Back Offer
Fuel Surcharge Cashback
Login to e-Banking
21 Feb 2019
Various Modus Operandi to commit Fraud in Digital Payment Ecosystem
1. Fraudulent transactions using the
Fraud Via AnyDesk application
Recently, a new modus operandi has been brought to our notice through which
fraudster can easily take remote access of a victim's mobile device and carry out
transactions. Stepwise details are as under:
Fraudster would lure the victim on some pretext to download an app called
'AnyDesk' from Playstore or Appstore. It may be noted that, there are more
apps like 'AnyDesk' that help provide remote access of device to other
The app code (9-digit number) would be generated on victim's device which the
fraudster would ask the victim to share.
Once fraudster inserts this app code (9 digit number) on his device, he would
ask the victim to grant certain permissions which are similar to what are
required while using other apps.
Post this, fraudster will gain access to victim's device.
Further the mobile app credential is vished from the customer and the fraudster
then can carry out transactions through the mobile app already installed on the
Above modus operandi can be used to carry out transactions through any Mobile
Banking and Payment related Apps (including
UPI Collect/Pay Request Fraud
We have observed a Collect
Pay request fraud trend in UPI wherein fraudster calls the customer and entices him to download a UPI app and create a VPA (Virtual payment Address such as abc@upi) and registers the mobile number of the customer in a UPI app.
Customer’s debit card details such as card number, expiry date etc are required to register for a UPI app.
Subsequently a Collect
Pay request is sent to the customer to whom the customer falls prey and approves the same after following fraudster’s instructions and inputs his/her UPI pin to authorize the transaction initiated by the fraudster.
Fraudster downloads any UPI app on his Device
The respective UPI app would first initiate process of Device binding (Device binding is an activity wherein mobile number and IMEI number of customer’s mobile is registered before initiating any transactions)
The respective UPI App would ask for permission to send an auto SMS to verify mobile number (In case of BHIM UPI the SMS will be sent to “9664555555” In case of other UPI apps, this 10-digit number will change).
By putting the mobile in Airplane mode, SMS sending would fail and the unique code (13 digit number in case of BHIM UPI) would now be available with the fraudster on his mobile in his SMS outbox since the SMS could not be sent because the mobile was kept on Airplane mode.
Fraudster would then convince the customer to send this unique code to ’9664555555’ (in case of BHIM UPI) from his registered mobile number. In case of other UPI apps, this 10-digit number will change.
This action would now bind customer’s mobile number to fraudster’s device and Fraudster can now search customer’s account details through the Bank selection screen on UPI app installed on the device of fraudster.
Fraudster would subsequently also get Debit card credentials and OTP required for creation of UPI pin through Vishing (sharing of debit card credentials by customer).
Fraudster can now carry out transactions from customer’s all linked accounts and the customer will get to know only on receipt
Note - Customer’s mobile number remains active unlike in SIM swap
3. SIM- Swap Technique:
Under SIM Swap fraud, the fraudster will first collect customer’s personal banking information through Smishing, Phishing, Vishing or any other means.
Under smishing, you receive an SMS with a web link. If this link is clicked, a malicious program causing theft of data will be downloaded. Phishing means collecting customers information by sending fake emails. Vishing refers to calling a customer by posing as a bank executive to collect information.
After collecting all personal information, the fraudster will contact customer’s mobile operator (Vodafone / Airtel / Idea etc), showing your identity proof saying the original SIM is lost. He then applies for a duplicate SIM card. The mobile operator would de-activate your SIM card.
The fraudster generates an OTP on his own phone, using the duplicate SIM and then makes online banking transactions.
Since your original SIM will be de-activated, you will be unaware of the fraudulent transactions he makes.
All Customers should stay alert and should not share any banking details with unknown entities. Saraswat Bank does not ask for any such information. Kindly Contact your nearest branch immediately if you receive or come across any such incidence
Open An Account
Apply For Loan
Open 3-in-1 Account
Apply For Term Deposit
Get An Insurance
Follow Us On:
© 2023 Saraswat Co-operative Bank Ltd. All Rights Reserved.
REDIRECTION TO THIRD PARTY WEBSITE
This website contains third party links. After clicking on these links you will be leaving Saraswat Bank website. These links are provided for your information and convenience. Saraswat Bank does not endorse nor has any control over third party website content. Saraswat Bank is not responsible for the content or availability of third party websites.
Therefore Saraswat Bank makes no warranties or representation, express or implied about such linked websites or information contained on them.
Third party websites may have different privacy and security policies than Saraswat Bank. You should review the privacy and security policies of any third party websites before you provide personal or confidential information.
Redirect to RBI Kehta Hai
* Input digits (0 - 9)