CASE #899: THE 'KYC' TRAP

Status: DECLASSIFIED / EDUCATIONAL

DIGITAL FRAUD

Incident Logistics

LOCATION: Bangalore, Karnataka
YEAR: 2024
OFFENSE: Cyber Personation & Financial Theft
VICTIM LOSS: ₹5,00,000 (INR)

Modus Operandi:

"The perpetrator utilized a sense of urgency, claiming the victim's bank account was 'Blocked due to pending KYC'. Used psychological manipulation to force the installation of a remote access application."

II. Investigation Narrative

Step 1 (The Hook): The victim received an SMS with a link. The message warned that failing to update KYC (Know Your Customer) would result in a permanent bank freeze.

Step 2 (The Social Engineering): Upon clicking the link, the victim received a call from an 'Executive'. The caller sounded professional and possessed basic details (Name/Phone) of the victim.

Step 3 (The Payload): The 'Executive' guided the victim to download a 'Support App' (AnyDesk/TeamViewer). This allowed the attacker to view the victim's phone screen in real-time.

Step 4 (The Theft): As the victim logged into their net banking to 'verify' the KYC, the attacker recorded the credentials and intercepted the OTP on the shared screen, immediately transferring funds to multiple mule accounts.

Critical Lessons

Banks NEVER use third-party screen-sharing apps for verification.
An OTP is for YOUR eyes only; screen sharing exposes it instantly.
Official bank communication usually uses registered short-code IDs, not 10-digit mobile numbers.

REPORT SIMILAR FRAUD

This file is for public awareness. Names and specific identifiers have been altered to protect victim identity. Suraksha India Archive.