After RBI, UPI-operator NCPI warns about 'AnyDesk' app fraud: How your money is robbed and how to save it

An app which robs money from your bank account - AnyDesk - is making a lot of noise these days. The app came to limelight when the Reserve Bank of India (RBI) issued a warning to customers, asking them not to download it. RBI alerted banks about potential fraudulent transactions on the unified payments interface (UPI) platform. RBI said that the cautionary notice was issued in the wake of rising number of fraud using the UPI platform. Now, UPI operator NCPI has issued warning and guidelines to customers, explaining how AnyDesk lures them into a fraud. NCPI has also mentioned few steps a customer can take in regards to have a safe and secure digital transaction. 

Bharat Panchal, Head of Risk Management, NPCI says, “While NPCI is continuously working towards enhancing security of its products & services from such attacks, this type of frauds can be better prevented by consumer education. The entire ecosystem including Banks & Fintech companies have to work collectively towards creating awareness & educating customers to refrain from sharing their account/card credentials, OTP/PIN and/or giving access to their mobile handsets to unscrupulous persons through such remote screen access apps."

Panchal said, "UPI platform is fully secure and is also 2FA enabled. NPCI in its endeavour to safeguard the UPI ecosystem will continue to proactively monitor the fraud space and help implement control measures wherever required.”

Here's how AnyDesk robs your money:

- Fraudster would lure the victim on some pretext to download an app called ‘AnyDesk’ from Playstore or Appstore.

- The app code (9-digit number) would be generated on victim’s device which the fraudster would ask the victim to share.

- Once fraudster inserts this app code (9-digit number) on his device, he would ask the victim to grant certain permissions which are similar to what are required while using other apps.

- Post this, fraudster will gain access to victim’s device.

- Further the mobile app credential is vished from the customer and the fraudster then can carry out transactions through the mobile app already installed on the customer’s device.

जानिए जॉइंड्रे कैपिटल सर्विसेस के अविनाश गोरक्षकर ने आज किस शेयर को चुना है #10KiKamaai के लिए।@AnilSinghviZEE @AvinashGoraksha @kunalsaraogi pic.twitter.com/UQx41uAaN1

— Zee Business (@ZeeBusiness) February 19, 2019

According to NCPI, the threat of this modus operandi applies to all applications (Payment/Banking/Wallets/Social Media) installed on the victim’s mobile device. Once access is granted by the victim, fraudster can not only initiate financial transactions but can also place online shopping orders or book rail/air tickets, etc. using the apps available on the victim’s phone or even steal any information stored in the mobile phone. 

So far, number of such fraud cases are few (5 cases reported so far), NCPI adds, "we are vigilant and urge consumers to be careful."

Taking this ahead, Panchal says, "NPCI started with the Consumer Safety & Awareness program leveraging the mass media vehicles like newspapers and radio. Last week, NPCI started a consumer content sourcing initiative STOP. THINK. ACT on twitter to gather creative ideas from consumers to educate them. This is one of the kind initiative to co create content along with consumers, in true sense “for the consumers, by the consumers”

With this, NPCI is committed to consumer safety and reiterates its commitment to support the cause stated by RBI in letter and spirit, reteriates the UPI operator.