VISHING – Phishing Through Phones

Vishing attacks are usually fraudulent phone calls made for collecting personal data that includes credit or debit card details and PIN numbers and using such modus, the Criminal then siphons out money from unsuspecting victims. Vishing attacks now target digital wallets also, with similar modus. The worrisome trend is that whilst digital wallets may have limited funds, using the ruse of completing KYC process for digital wallets, the fraudsters get access to the bank accounts and this results in siphoning out of huge sums of money and in many instances literally cleaning out the bank accounts of their balances.

There have been innumerable cases where victims receive calls from unknown persons claiming to be officers from their Bank.  They call the victims under the pretext of verifying ‘Know your customer’ (KYC) details, or even claiming some false transactions on the victim’s Credit / Debit Card.

The fraudster in such cases asks the victims for details such as victim’s card number or the three-digit CVV, or card verification value, figure at the back of the card.  Seconds later the victim will get another call from the fraudster asking him to read out the OTP, or one time password, he would have received as a text message. In the span of a few minutes the unsuspecting victim receives messages about amounts being withdrawn from his account and has become the victim of a vishing attack.

Persons who indulge in these scams rely on manipulation and social engineering to convince people that they are from the banks seeking details often for purposes such as compliance with Know Your Customer norms.

Early day frauds targeting credit and debit cards have evolved to a more sophisticated crime targeting digital wallets, as abovementioned. Whilst it may be possible to block credit card transactions, which have a 15 day window, debit card transactions and those involving digital wallets, leave victims with emptied bank accounts.

It is important for victims to seek their remedies both under the civil and criminal provisions and to hold banks responsible for negligence, if any of banks. It is also important for banks to ensure effective KYC norms and to not encourage such crimes through methodologies that are adopted by banks themselves – for instance a bank calls you and after peremptory identification from them, they ask you for identification details including date of birth, the last two transactions on your credit / debit card; your mailing address etc., Bank customers are therefore socially engineered to answer such questions automatically and when they fall victims and when life savings get wiped out in some instances, the customers are left high and dry to seek long – drawn prosecutions.

Most financial frauds are committed using banking channels. Money siphoned out from the victim’s accounts are transferred to another banking account and thereafter either with one hop or multiple hops of transfers through banking channels, the money is withdrawn. Each of these banking channels are expected to maintain effective KYC norms and hence the assumption would be that culprits can be traced. Yet, it is the victims who are left adrift having suffered extensive losses.

Victims ought to take both civil and criminal actions. A catena of judgments have evolved with Section 46 of the Information Technology Act, 2000 (as amended) (“IT Act”) i.e., proceedings before the Adjudicating Officer having been invoked. These proceedings are fast and inexpensive. The only negative is that having created the office of Adjudicating Officer, the Government did not make a separate appointment. Instead the Secretary, Ministry of IT of each State Government acts as the Adjudicating Officer. Within this limitation, there is still substantial disposals of these bank fraud cases by the Adjudicating Officer. This being an effective remedy, victims ought to take recourse under this. Victims also should track the circulars and advisories of the Reserve Bank of India (“RBI”), which makes the bank liable in some instances to reimburse the victim and to then pursue prosecutions against the culprits. The degree to which a victim is entitled varies.

Criminal prosecutions, as set out above are also feasible. Victims therefore ought to take immediate action, as their failure not only results in others being victimized but an entire racket of such banking frauds being spawned. The best way to combat any such menace is to nip it in the bud and to stop it from becoming an epidemic. 

(Refer Nappinai N. S. (2017). Technology Laws Decoded. Published by LexisNexis. Chapter 2 – Technology & Crimes and the detailed analysis of financial and banking frauds for further details. (https://www.cybersaathi.org/technology-laws-decoded/)

File your complaint online on cybercrime.gov.in. Seek justice and ensure that criminals do not harm you or others. Be A Cyber Saathi!

All Rights Reserved. © Copyright 2020 – N. S. Nappinai Founder,
Cyber Saathi



“Cyber Saathi is a not for profit initiative of the founders intended only for information and knowledge and personal use of Users. Nothing contained herein is legal advice or opinion. Copyright to contents in its entirety of website, case studies, articles, stories and data shared, except News, is owned by N. S. Nappinai, founder, Cyber Saathi. Copying, reproducing, sharing, distributing or using for any other purpose is an infringement. Quotes from the website to be attributed to “Cyber Saathi – An Initiative of N. S. Nappinai”. Content, which violates third party IPR shall not be shared and grievances to be submitted for action. Parental guidance and consent are mandated as case studies and content may relate to heinous offences. Cyber Saathi shall not be liable in any manner whatsoever including, for loss or damages, as set out in its Terms of Usage and other policies, for use of this website or sharing of information. By continuing further on this website, User is deemed to have read, understood and agreed to abide by the Terms of Usage, Copyright Policy and Privacy Policy.”

“The website and modules therein contain details of different kinds of cybercrimes and violations and some of such content or material on Cyber Saathi may contain language or details which may be explicit / sensitive in nature and may not be appropriate for Users below the age of 18 years. For users below18 years of age, parental consent and guidance is mandatory. Parents are advised to review content in advance. “

Designed & Developed By: Jemistry Info Solutions LLP