Presentation is loading. Please wait.

Presentation is loading. Please wait.

Investigation of Vishing Fraud Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential.

Published byShonda Perry Modified over 9 years ago

Similar presentations

Presentation on theme: "Investigation of Vishing Fraud Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential."— Presentation transcript:

1

2 Investigation of Vishing Fraud

3

4 Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential / information used in identity theft schemes from individuals

5 Sri Janardana Padhy received an unknown telephonic call from the fraudster and the fraudster posing himself as the ATM Relations Manager calling from Head Office, Mumbai informed the victim that “your ATM Card is at risk, it will be blocked soon”. The fraudster assured the victim to activate the ATM Card and asked for the ATM –cum-Debit card details i.e., ATM-cum-Debit card Number & PIN Number. The fraudster also instructed the victim to switch off his Mobile Phone Number for technical reasons & for smooth updating process. The fraudster advised the victim not to inform anyone as the process is very confidential in nature. After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways and defrauded an amount of Rs.2,50,000/-.

6 Applicable Sections of Law:-  IPC:- 419/420  Information Technology Act-2000:- 66C/66D

7 Steps:-  Victim received an unknown call from the fraudster  Accused fraudster posing himself/herself as the ATM Relations Manager calling from Head Office to the victim  Informing the victim over Mobile Phone that “your ATM Card is at risk, it will be blocked soon”  Assuring the victim to activate the ATM Card, if the victim will furnish the ATM –cum-Debit card details

8

9 Modus Operandi  Asked for the ATM –cum-Debit card details i.e.,  ATM-cum-Debit card Number  PIN Number  Accused instructing the victim to switch off his/her Mobile Phone Number for technical reason & for smooth updating process  Fraudster instructing the victim not to inform anyone as the process is very confidential in nature

10 Modus Operandi  After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways

11 Pre-Requisite for Investigation  Victim received a telephonic call from the fraudster  Victim has given his ATM Card details to the fraudster  Accused had made a number of online transactions in various websites / online payment gateways by using the ATM Card details of the victim

12 From the Complainant  Mobile Phone Number of the fraudster to be ascertained from the victim Seizure of the following documents on production by the victim complainant:- ATM-cum-Debit card in original Updated Savings Passbook SMS details received from the Bank about the online transactions made by the accused with date & time written in a paper by the complainant Mobile Phone Handset along with SIM Card (in which the SMSs were received) be seized and after seizure be kept in zima

13

14

15

16 Different Online Payment Gateways

17

18

19

20

21

22

23

24 In respect of Complainant Correspondence to be made with the Mobile Service Provider to furnish the report in respect of the mobile phone number of the complainant as well as of the fraudster :- Subscriber Details Date of Activation Customer Acquisition Form {in original} CDR for the alleged period IMEI Number of the handset Certificate u/s 65-B of the Indian Evidence Act

25 IMPORTANT NOTE IN CD Co-relation to be made and reflected the same in the case diary as found in the CDR

26 Correspondence to be made……  To the concerned Bank:- Name and address of the account holder Account Statement for the alleged period of unauthorized online fraudulent transaction The details of each transaction in brief Account Opening Form of the Victim Whether the victim was issued with any ATM-cum- Debit Card:- ATM Card Number Date of issuing of ATM Card Details of the ATM Card

27 Correspondence to be made with online Payment Gateways / Shopping websites  Account Registration Details in respect of the Merchant ID through which the online transaction was made  IP details  type of operating system of the computer system of the fraudster  type of browser software  Physical address of the computer system  IP Address, Time stamp and other server log details for each fraudulent transaction  Payment gateway details along with used credentials for authentication and transaction

28 Correspondence to be made with online Payment Gateways / Shopping websites  All other traceable details like  mobile numbers used for OTP or any authentication or used to call your customer service number  email addresses for transactions  mailing address of the merchant and any other details  Beneficiary details [ Mobile Phone Number recharged / DTH reference] available at your side or provided by merchant to bank against these transactions  Cookies

29 Correspondence to be made with online Payment Gateways / Shopping websites  Credit history information  Purchase history in respect of the Merchant ID  products the fraudster viewed or searched for  Counterfoil receipt in respect of delivery of goods by the online shopping website to the fraudster  The details of the company personnel along with his contact number who delivered the goods to the fraudster  Date & time of delivery of goods  Address of delivery of goods

30

31

32

33

34

35

36

37

38

39

40

41

42 Wallet:- Recharges, Bill payments, Bus tickets, Shopping from hundreds of categories Send & receive money to & from friends Avail of services at partner destinations Cash back to the accounts Bill payment or recharge through toll free number or SMS

43

44 SAMPLE REPORTS

45 Report of EBS:-

46 Report of Bill Desk:-

47 Report of Freecharge:-

48 Report of Mobikwik:-

49 Report of PayU:-

50 Report of PayTM:-

51

52 Report of Pay4India:-

53 From reports of Online Payment Gateways we found:-  Registered Mobile Phone Number  IP Address of the computer system used for registration of the account in the online payment gateway along with date & time  Beneficiary Mobile Phone Number/ Recharge ID  E-mail ID furnished by the fraudster in the payment gateway  Details of shipping items  Shipping Address along with name & particulars of the beneficiary

54 Correspondence to be made……  E-mail Service Provider:- Notice u/s 91 of Cr.P.C. submitted to the Nodal Officer of E-mail Service Provider to furnish the account registration details along with log details in respect of E-mail account

55 Information in respect of e-mail ID:- Account Registration Details Date & time of creation of the e-mail account IP log at the time of creation of the account Physical address if any of the computer system used by the fraudster Browser information Mobile Phone Number used at the time of registration and updation of the e-mail account {registered mobile phone number} Secondary e-mail account Log details of the e-mail account

56 Google report

57 From the E-mail Service Provider Name:- E-mail:- Status:- Services:- Secondary E-mail:- Created on (with date & time):- IP Address:- SMS:- Log details:-

58 Sample Reports from E-mail Service Provider

59 Yahoo report

60 Rediffmail report

61

62

63

64

65 Correspondence to be made…… Internet Service Provider:- User Subscriber Details of the IP address Telephone number in case of DSL/CDMA/3G, and Dial up other relevant information in respect of the User Subscriber address of correspondence contact number e-mail IDs billing details MAC ID of the alleged computer system or IMEI Address of the computer resources with respect of the relevant IP address CAF / NTC in respect of the User Subscriber in respect of the alleged IP address.

66 Request Letter to ISP

67 Report from ISP {Aircel}

68 Sample report from ISP {BSNL}

69 Sample report from ISP {ORTEL}

70 Sample report from ISP {TATA}

71 Correspondence to be made…… Mobile Service Provider:- Subscriber Details Date of Activation (DOA) Customer Acquisition /Application Form (CAF) {in original} CDR for the alleged period Certificate u/s 65-B of the Indian Evidence Act

72 Investigating Officer will seize From the possession of accused:-  Laptop with charging adapter  Computer system, its other components (Monitor, CPU, UPS, Keyboard, Mouse)  Hard Disk from the seized CPU  Modem  Pen Drive /USB Drives /CDs/ DVDs  Mobile Handsets  SIM Cards  Memory SD Card  Dongles  Cables  Telephone Bills  Different fake ID Proof documents

73

74 Modus Operandi:-  The accused person is using different mobile phone numbers for communication with courier agency and delivery of shipping items  The accused person is using different identity particular documents created in different names (Voter ID Card, PAN Card, Aadhar Card, College ID Cards)  The accused person sent different persons to receive the shipping items  Mainly operated in the area of Jharkhand Jamtara, Mohanpur village areas

75

76

77 Seized Exhibits be sent to CFSL for examination Seized exhibits be sent to Director, Central Forensic Science Laboratory, Directorate of Forensic Science Services, Govt. of India, Ministry of Home Affairs, 30, Gorachand Road, Kolkata- 700014, (T) S.D.J.M., for examination and opinion

Download ppt "Investigation of Vishing Fraud Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential."

Similar presentations

Identity theft Protecting your credit identity. Identity Theft Three hundred forty three million was lost from consumers in 2002 The number of complaints.

Identity theft Protecting your credit identity. Identity Theft Three hundred forty three million was lost from consumers in 2002 The number of complaints.
JPMorgan Chase Purchasing Card Training

JPMorgan Chase Purchasing Card Training
ELECTRONIC BANKING.

ELECTRONIC BANKING.
EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.

EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.
Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.
By Derek Hahn Washington State Director of Finance and Ian Newby Lake Stevens Member In 3-D.

By Derek Hahn Washington State Director of Finance and Ian Newby Lake Stevens Member In 3-D.
OVER VIEW OF BANKING FRAUDS

OVER VIEW OF BANKING FRAUDS
What is identity theft? How does identity theft occur? How do you protect yourself? What do you do if you are a victim? Jane Doe Certified Consumer Credit.

What is identity theft? How does identity theft occur? How do you protect yourself? What do you do if you are a victim? Jane Doe Certified Consumer Credit.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Identity Theft “When Bad Things Happen To Your Good Name” El Camino Community College Police Department Sgt. Kirk Johnston Josh Armstrong.

Identity Theft “When Bad Things Happen To Your Good Name” El Camino Community College Police Department Sgt. Kirk Johnston Josh Armstrong.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
1. 2 Someone steals your personal information to commit fraud. A “buy now, pay never” shopping experience. What is Identity Theft?

1. 2 Someone steals your personal information to commit fraud. A “buy now, pay never” shopping experience. What is Identity Theft?
Identity Theft Someone steals your personal information for his/her own gain It’s a crime!

Identity Theft Someone steals your personal information for his/her own gain It’s a crime!
Identity Theft consumer.gov. What is identity theft? When someone uses information about you without your permission. The information can be your: – Name.

Identity Theft consumer.gov. What is identity theft? When someone uses information about you without your permission. The information can be your: – Name.
1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.

1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Prepare a deposit slip Record entries in a check register

Prepare a deposit slip Record entries in a check register
Chapter 4 Billing Schemes.

Chapter 4 Billing Schemes.
“Electronic Payment System”

“Electronic Payment System”
E-Banking is the use of electronic means to conduct banking business, such as telephone, Internet, cell phone, or other device by way of secure internet.

E-Banking is the use of electronic means to conduct banking business, such as telephone, Internet, cell phone, or other device by way of secure internet.

Similar presentations

Ads by Google