In a startling case of cyber-financial-crime, a Bengaluru-based tech professional lost Rs 2.8 crore after installing a SIM card into a maliciously configured mobile phone. The fraudsters, posing as representatives from Citibank, used this new and deceptive technique to intercept one-time passwords ( OTPs ) and ultimately drain the victim’s bank accounts.
Here’s How the Scam Unfolded
The scam was set afoot when the victim received a WhatsApp call from someone claiming to be a Citibank representative. The caller informed the techie that their credit card approval was “pending” and recommended procuring a new SIM card.
A few days later, a parcel supposedly sent by “City Union Bank” arrived at the victim’s doorstep. Inside was an MI 13 C smartphone, which the victim assumed was part of the process to finalize the credit card application.
Transform GST Learning: Master Sections Faster with Memory Power- Click here to know more
Believing the instructions were legitimate, the victim inserted the new SIM card into the phone. Unbeknownst to them, the device had been pre-loaded with harmful applications capable of diverting OTPs and other sensitive notifications. This allowed the cybercriminals to monitor and exploit the victim’s banking activities.
With the malicious apps intercepting essential security details, the perpetrators managed to siphon off Rs 2.8 crore. The funds included fixed deposits and savings from the victim’s HDFC Bank accounts.
According to the report from Hindustan Times, On November 27, 2024, the tech professional received a call from an individual introducing himself as Rohit Jain, who claimed to represent a bank where the victim holds a credit card. Jain informed him that, as a reward for amassing a substantial number of points, he was entitled to a complimentary smartphone.
Transform GST Learning: Master Sections Faster with Memory Power- Click here to know more
On December 1, a courier bearing the bank’s branding arrived at the victim’s address. As promised, it contained a mobile phone along with instructions to insert his SIM card and start using the device. Trusting the source, the techie followed the provided steps. However, when he visited the bank on December 5, he discovered to his shock that his fixed deposits—amounting to ₹2.8 crore—had been liquidated and the funds withdrawn.
The scam took shape between late November and early December 2024, culminating in the unauthorized transactions discovered on December 5, 2024. Alarmed by the massive loss, the victim promptly filed a complaint at the Whitefield Police Station. Investigators are now examining the digital trail and have invoked relevant sections of the IT Act to track down those responsible.
Growing Concern Over New Cyber Tactics
This incident has raised serious concerns among citizens and cybersecurity experts alike. Criminals are increasingly leveraging pre-configured devices to intercept OTPs or SMS alerts, giving them unauthorized access to victims’ bank accounts. Authorities are urging the public to verify the authenticity of any unusual banking requests and to remain cautious when receiving unsolicited calls or packages.
Transform GST Learning: Master Sections Faster with Memory Power- Click here to know more
Stay Vigilant:
The police continue investigation to bring the culprits to face justice and prevent similar scams from claiming more victims.
Support our journalism by subscribing to Taxscan premium. Follow us on Telegram for quick updates
