Luring People into Installing Device Sharing Apps Is Fraudsters’ Latest Ploy To Get Full Access to Victims’ Phones
Yogesh Sapkale | 09 May 2022
India is one of the largest markets for smartphones in the world; however, lack of digital literacy is causing many people, including highly educated persons, to fall victim to fraud. The latest modus operandi in the series of frauds is to persuade people to download apps that give full access to a person's phone or computer to a third person. These apps, such as AnyDesk or TeamViewer, are genuinely used by tech support teams to fix software-related complaints through remote access.
However, in the hands of fraudsters, these otherwise legitimate apps give access to a victim's personal and financial information, as well as to the OTPs generated for credit cards, which are used to withdraw money. A majority of complaints are about people being fooled through an app called 'AnyDesk', whose name sounds similar to a bill-payment app called BillDesk.
Two days ago, the Times of India (ToI) reported on how a senior citizen doctor in Mumbai was fooled into downloading the app to pay his electricity bill, failing which power supply to his home would be cut. He had clicked on a link that was helpfully provided by the fraudsters to download the app.
In a short while, he lost nearly Rs9 lakh through 18 transactions made by the fraudster on two credit cards and a debit card whose details were obtained through remote access to his phone.
In January this year, a 65-year-old homemaker lost Rs3.95 lakh from two bank accounts when a fraudster tricked her into downloading a screen sharing application and siphoned off the money. This was done under the pretext of updating know-your-customer (KYC) for her bank accounts. 
A Free Press Journal report said she was asked to download AnyDesk and then do a Rs10 recharge from her phone to complete the KYC for both her bank accounts. The caller kept the lady busy in idle conversation so that she missed several one-time passcode (OTP) messages sent to her phone, which the fraudster was able to access remotely. Later, she was also asked to share her PAN and Aadhaar details, at which point she turned suspicious and hung up the call. She checked her messages and realised that a series of transactions had been made from her debit card, looting her of Rs3.94 lakh.
This fraud is becoming rampant because people are naïve or lazy and easily trust messages and links that appear to be from utility companies.  
With regard to the ToI report, a senior official from the Reserve Bank of India (RBI) believes that apart from remote access, some confidential details such as the expiry date of the card and the card verification value (CVV) number may also have been disclosed by the victim to enable the fraud. The remote access app would, however, give the fraudster access to the OTP information without any intervention by the customer. RBI is looking into such incidents of fraud, we were told.
We, at Moneylife, repeatedly warn readers not to click on links from unknown sources or even on official-looking messages from service providers, without adequate verification. 
If you are a victim, speedy action is imperative for recovering money. For instance, the cyber police team at Kozhikode was able to track down a bank account in Rajasthan where the fraudsters had deposited money robbed from a lady doctor's bank account. The fraudsters were also arrested from that state and the entire sum of Rs6.44 lakh was recovered. This was an 'AnyDesk' fraud, says a report from OnManorama.
What You Need to Do
First, do not trust a call or help offer that you have not requested or expected. 
The fraudster will message or tell you over the phone that he is from your bank and there is some issue with your account and it will be blocked or suspended unless it is fixed immediately.
Remember, each bank sends out multiple messages warning against such fraud. No bank will ask you to download any app or software on your device through a phone call. Also, banks need to follow a stipulated procedure to block or suspend accounts. If you are still concerned, visit the bank's official website given on official bank statements. Do not Google for such sites because there are fraudulent look-alike sites as well, especially for booking travel tickets and holidays or buying liquor.
Remember, the caller (fraudster) is after your money only.  
Even if you have downloaded the app or software and have given the fraudster access to the device, NEVER log in to your bank account or even show your credentials while the remote session is on.
Do not follow instructions from unknown callers or trust them. In the two examples above, the victims were asked to transfer Rs10, which allowed the fraudster to see their bank login and password and also read the OTP messages since he had remote access to the device.
Even if you answer a call, at the first sign of suspicion, hang up and end the remote session by simply turning off your device. On restarting your device, uninstall the remote access app and immediately change the password of your bank account(s).
If you have lost money, report it immediately to your bank branch by phone as well as email. If required, approach the local police station and file a first information report (FIR).