Reliance Jio recently warned customers of a cyber social engineering attack wherein scamsters posing as Jio representatives try to gain access to sensitive information such as Aadhaar, bank account details, and so on.
In an email sent to users on January 4, Jio said that these scamsters posing as Jio representatives mainly try to accrue the information on the pretext of pending e-KYC (know your customer) process. Jio did not go into much detail regarding the frequency of such cases, but the fact that it forced them to issue a mass email to customers indicates that there has been quite a number of such attempts.
Social engineering-related cyber frauds are a reality and they’re not just targeted towards senior citizens (perceived to be unskilled in digital use) but also target those who are technologically proficient and use smartphones on a regular basis. For example, former NDTV journalist and news anchor Nidhi Razdan was a victim of an elaborate social engineering scam involving a job offer from Harvard University.
How the fraud against Jio customers is carried out
Jio, in the email, said —
- The scamsters emphasise that if the customer does not submit the KYC documents to complete the eKYC, Jio services will get impacted.
- A call-back number is also mentioned to share the details.
- When the customer calls on the given number, he/she is asked to install a third-party app
- This app allows imposters to get remote access to the customer’s phone and bank accounts associated with the device.
“Please note that Jio never asks you to download any third party app for any kind of activity,” the telecom company said in the email.
Jio’s recommendations to protect customers from cyber fraud
Jio asked customers:
- Not to click on suspicious links or attachments and to not respond to unsolicited emails, messages, or phone calls asking for personal information
- Not to download remote access apps, as fraudsters may get access to phone’s information
- To create unique passwords & PINs for apps and online accounts and refresh them at regular intervals
- Not to share their 20-digit SIM number (mentioned at the back) with anyone
WhatsApp users from Hyderabad recently fell for a social engineering attack
In August 2021, at least three people from Hyderabad became victims of a form of social engineering hack where malicious actors obtained unauthorised access to their WhatsApp accounts.
This is how the scammers did it —
- The malicious actor signs up on WhatsApp using the victim’s number and then calls them to convince them to give the OTP.
- Once the OTP is given, the actor logs in to the person’s account and enables two-factor authentication. This locks out the owner of the account.
- If there are chat backups, the hacker will now have access to it.
- The malicious actor then identifies people with whom the person has had the most number of conversations and sends them a malware link.
- By clicking on the link, that person’s phone gets infected.
- The actor also sends messages to the person’s friends asking for money. The recipients fall for it thinking that their friend is messaging them.
Have something to add? Subscribe to MediaNama here and post your comment.