How Sim cards, bank accounts of poor are misused for cyber crimes
Investigations into cyber-fraud cases often lead the Kerala police to ordinary, innocent people in North India, with no connection with the crime.
Investigations into cyber-fraud cases often lead the Kerala police to ordinary, innocent people in North India, with no connection with the crime.
Investigations into cyber-fraud cases often lead the Kerala police to ordinary, innocent people in North India, with no connection with the crime.
Cyber fraudsters on the prowl are now illegally buying Sim cards and bank accounts of poor and uneducated persons to perpetrate their next con as the latter seldom raise questions.
In fact the poor, we are told, are happy to receive some money. Their happiness, however, may come to an abrupt end if booked in a police case.
Investigations into cyber-fraud cases often lead the Kerala police to ordinary, innocent people in North India, with no connection whatsoever with the crime. So, how are frauds of this scale perpetrated?
We contacted an agent of an online platform that offered fake Sim cards and bank accounts for a price. While negotiating, we inquired about the possible issues the legitimate owner of the Sim card/bank account in question might cause.
His reply was shocking: "Such an incident has never occurred in the two years' of my career. These people are poor villagers, and since they are uneducated, they don't know much about the issues. Moreover, we have generously paid them."
There are rackets that pay for the identity documents of the poor villagers. Sim cards are procured and bank accounts opened using these documents. The excuse they tell the legitimate owner will be something else.
These Sim cards and bank accounts are used for committing cyber crimes. If the police register a case, the legal owner — whose documents were used — becomes the accused.
International numbers from Rs 300 onwards
The WhatsApp missed calls originating from country codes +81, +55, +62, etc., need not necessarily be from a foreign country. The necessary technology is available to give a missed call or message by using a US number from Kerala itself.
The scamsters have automatic dialler software to make missed calls to thousands of WhatsApp numbers from overseas numbers. The software allows such calls once a list of recipients is copy-pasted to it.
Another agent offered a US number for Rs 300. When asked if the number could be used for illegal activities, the answer was
"Why not?" He also gave a piece of advice: Use a virtual private network (VPN) to avoid being tracked!
The US number will be forwarded once the payment is made. The number could be used to sign into WhatsApp. Once signed in, select the 'Call Me' option instead of the SMS code. The agent will provide the One-Time Password (OTP) required to register.
Once registered, any number of calls could be made using the US number without travelling abroad. The fraudsters generate several such numbers to con people. Since the numbers are not KYC registered, there is no means to track them.
There are certain websites selling such phone numbers as well. The OTP number will be sent to the site's inbox.
Bank accounts on rent
Scamsters buy bank accounts to ensure safe transactions without getting caught. The agent said current accounts are in high demand since they support the transaction of huge sums.
The Telegram pre-paid fraudsters also use such rented or bought current accounts to receive huge amounts. Each account is bought for anywhere between Rs 15,000 to Rs 80,000. Demand is more for private bank accounts.
The scamsters also take accounts on rent. Six people contacted us within 10 minutes after we messaged in a group, saying we are looking for current accounts for parking gaming-related funds.
The rental for bank accounts is 1.2 to 2 percent of the transaction. Incidentally, most fraudsters prefer accounts having a maximum limit of Rs 1 crore.
Those offering their accounts on rent will have to update it with the rentee's phone number. This is to ensure that the fraudsters get the OTP. The accounts of paper organisations are used on rent in several crimes, including the Telegram pre-paid scam.
When an investigation was initiated into one such account, the bank concerned threw up its arms: "We are unable to contact this customer!"
A fake Sim card is available for Rs 600 to Rs 1,000. If anyone is planning to procure Sim cards after reading this series, beware! You too could be shortchanged.
Kerala account? No problem!
Here is the conversation with an agent who offered a Sim card and bank account:
Correspondent: I am new to this. I need a bank account.
Fraudster: (Sends the names of banks along with a rate card).
Correspondent: What is the process ahead?
Fraudster: A kit containing the registered Sim card, debit card, cheque-book, and KYC documents will be shipped.
Correspondent: How do I trust you?
Fraudster: Ask anyone about my work. I have been in this field for the past two years.
Correspondent: Is it possible to get a list of state-wise accounts of people, like Tamil Nadu, Kerala, etc.
Fraudster: Yes, but most accounts are from Madhya Pradesh, Kolkata, etc. What kind of account are you seeking? I can provide you with an account with a private bank in Kerala.
The 'linking' fraud
Have you received messages with links saying that your account will be blocked if you did not link your bank account with PAN and Aadhaar cards?
Nikhil Joyce, the Growth Lead of Bureau ID, a firm facilitating end-to-end identity verification, compliance, and fraud prevention for new-age businesses, received such a message on May 10. The message was followed by another, which had an ICICI Bank app, with a .apk extension.
Joyce's colleague Abhijith Gaur, who verified the file, shared his findings with Manorama:
- Once clicked, spyware capable of reading and installing SMS texts will be installed.
- If we mistake the link to be genuine and try to log in, the fraudster will get an SMS with our details, including the password.
- Logging in is possible only by providing the net banking username, net banking password, PAN number, bank account number, and IFSC.
- Since they can read the SMS texts, they can access the OTPs forwarded to your phone, and withdraw money.
- Once the recipient of the message tries to log in after installing the app, the fraudster will engage the receiver in a conversation. This is to divert the account holder's attention from the OTPs being received on the phone. The account holder will realise that the money has been withdrawn only after disconnecting the call.
This is the second of the series on new-gen cyber crime cases that have left crores of Indians in a quandary. Read part 1 here: Don't take the bait, ignore that missed call please!
Next: Debit card from Senegal
(Note: If you are a victim of online fraud, share your story with Onmanorama. Write to us at onmanorama@mm.co.in)