KYC fraud explained: What it is and how to stay safe from scams
KYC fraud is a rising cyber threat targeting banking customers through fake links and apps. This guide explains common tactics, warning signs, and safety tips to avoid financial scams.
As digital banking gains popularity in the country, a parallel rise in cyber crimes and financial scams, especially KYC fraud has authorities and banks on high alert. KYC simply means Know Your Customer.
Basic concept of KYC fraud
The fraud related to KYC basically involves tricking individuals into revealing critical personal or banking information such as OTPs, CVV details, often under the false pretext of account suspension or deactivation.
How does KYC fraud work?
Scammers generally impersonate bank officials and use urgent messages to induce panic. A popular tactic includes SMS alerts such as:
"Dear customer, your account will be blocked by 5:30 PM. Update your KYC here: [malicious link]."
Now these messages often include suspicious links or force the user to install APK files i.e., Android applications that mimic genuine banking services. Further, once a user clicks on these links and installs the application, it instantly demands unnecessary permissions such as access to your camera, microphone, SMS inbox or contact list allowing fraudsters to steal OTPs, key passwords and even sometimes remotely control your mobile device.
Leading banks such as ICICI Bank, Axis Bank and HDFC Bank have reiterated that they never request KYC updates via third party applications or SMS links. They also send periodic warning mails to their customers to be aware of such scams and focus on safeguarding their account details by not sharing any sensitive information with anyone.
APK-based KYC scams: A serious threat
These fake applications often shared outside of official application stores such as Google Play Store or Apple Store, bypass android security protocols. Then they operate in stealth mode, recording sensitive data, and sometimes even initiate unauthorised or fraudulent transactions.
To combat the same institutions such as CERT-In consistently warn mobile users of severe security flaws in Android, Apple, and Chrome. Users must follow the invaluable advice and consistently update their devices on an immediate basis to avoid data theft and system compromise.
How can you stay safe?
- Ensure that you never click on links in unsolicited messages or install APKs.
- Never share personal banking details like OTPs, CVVs, or PINs over the phone or through text.
- Only use official bank applications and websites to verify KYC or other updates.
- Report suspicious messages to the National Cybercrime Helpline (1930) or www.cybercrime.gov.in.
- If in doubt, never hesitate to contact the respective customer service team of your respective financial institution.
You may also report phishing attempts to ‘Sanchar Saathi’ at sancharsaathi.gov.in or forward them to your bank’s fraud reporting email.
For example, if you are a customer of ICICI Bank you can email your queries at: antiphishing@icicibank.com. Therefore, staying informed and updated with recent developments in the banking sector along with consistently building knowledge can help you in ensuring financial safety.
Disclaimer: This article is intended for informational purposes only and should not be construed as financial, legal, or cybersecurity advice. Readers are encouraged to exercise caution and consult official sources or their banking institutions when in doubt.
Catch all the Instant Personal Loan, Business Loan, Business News, Money news, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.