Mumbai : In one hour, Rs 16 lakh were siphoned off from a city businessman’s bank account, almost reducing the balance to zero.
The money was transferred to five different accounts across India by unknown hackers, who used the e-banking details of the businessman. Even as the account was being cleaned out, his mobile service was disabled by the hackers, who called the service provider and asked to discontinue service, ‘as the mobile phone had been lost.’
This was the manner in which Shishir Sadani, 24, director, Aarogyam Packaging Solutions Pvt. Ltd, saw Rs 16, 52,005 drained from his account with the United Bank of India on Thursday morning.
The money was transferred to branches of the HDFC Bank (Ghazipur and Kandivali), HSBC Bank (main branch of Delhi), Karur Vysya (Meerut) and Federal Bank (Jaipur) on Thursday morning, almost zeroing out the company’s account.
Since Shishir’s mobile service had been disabled the same day, he remained unaware about these transactions and hence, could not call his bank to stop the transactions.
On Wednesday morning, Sadani’s father, Krishna Kumar Sadani, 50, had received an email from email@example.com at work, in Tulsiani Chambers, Nariman Point.
The sender had asked Krishna Kumar Sadani to update his username and password at the ebanking-id (a fraudulent website, with a phishing notice on it).
“Without checking it, I entered my email-id and password on firstname.lastname@example.org, thinking it a regular procedure carried out by the bank,” said Krishna.
Around 11 a. m. on Thursday, Shishir received a phone call from someone posing as an Airtel customer service executive, asking him for personal details like his full name, date of birth, billing address and email-id. Unsuspectingly, he provided all the information sought. Just minutes after this, he found he was unable to use his cell phone for almost two hours. When he called Airtel’s customer service, he found that someone had called and requested Airtel to shut down his service, saying the mobile unit had been lost.
When Shishir requested reactivation by providing his personal details, he found he had about 20 SMSs in his inbox about the transactions done from his bank account.
After this, he called his father and asked about any possible transactions the latter could have carried out, which of course, his father denied.
He then called his bank to stop those transactions, but it was too late by then.
So he went to the Cuffe Parade Police Station and registered a complaint, from where he was asked by the police officials to register a police complaint at the Cyber Crime department at the Bandra-Kurla Complex. When called up for information on the case, Nandkishore More, the senior police inspector of Cyber Crime, Bandra-Kurla Complex, refused to respond.
It was later found that the money had been physically withdrawn from each of the five banks across the country, and this was when Shishir was on the phone with the bank’s customer service executives, trying to stop the transaction.
Cyber-expert, Sanjeev Goyal and the CEO of domain provider MITSU’s Indian operations said, these type of crimes were increasing at an alarming rate.
“The bank from where the money has been withdrawn physically must be asked to provide the CCTV footage of the person who came to withdraw the money”, said Goyal. Talking about the security lapses, Goyal further added, “Personal details must not be provided to anyone over the phone and customers who are not well-versed with e-banking securities and its procedures, must avoid such transactions”.