Fraudsters can use this app to steal your money: RBI
Amid increasing cases of online fraud, the Reserve Bank of India (RBI) has issued an advisory warning about an app that can wipe your accounts clean. The app, called AnyDesk, relies on remote access and can easily be used to steal money from the wallets and UPI accounts of unsuspecting users. Here's how it can be used to fool you.
First, an attacker may social engineer you to download AnyDesk
According to RBI, a fraudster may employ different mechanisms, including social engineering, to trick you into downloading AnyDesk. They may pose as a bank employee and promise you monetary rewards or claim that your card will be blocked if the application is not downloaded. To sound legit, the scammer may even verify your publicly-accessible or stolen information like DOB/Aadhaar number.
When you download AnyDesk, it takes control of your phone
Once the app is installed and run, it takes full control of the target's device. After this, the attacker requests the target to share a 9-digit code generated through the app and provide certain permissions to complete the 'reward' process. This code, when entered on the attacker's phone, hands over full control of the victim's device to the fraudster.
Then, the fraudster can steal money
With full control, the attacker can easily access the infected phone and the applications installed on it. As such, they can empty wallets that are without password protection or steal your UPI pin during a transaction. This could lead to major financial fraud and you will have absolutely no clue of what is happening behind the scenes.
However, such attacks can be avoided
Though the attack is more sophisticated than the conventional method of tricking a user into giving away their username and password, it can be avoided pretty easily. Basically, you have to remember that no bank ever asks to install an app for rewards or any other service. If someone calls and tries to get an app installed or request a code, hang up immediately!
Also, follow basic security practices
As an additional step, keep all the accounts on your phone secured with biometric or password protection and have an antivirus app installed. These precautions are pretty simple but can play a major role in thwarting hacking attempts.
