SBI account holders in Kerala duped by online fraudsters hacking YONO app

SBI extends OTP-based ATM withdrawal facility round the clock

Kannur: The cyber police have issued a warning against unidentified persons indulging in syphoning off money from State Bank of India customers by sending them bogus text messages saying their accounts have been blocked.

Hundreds of people, including a sub-inspector of police in Thrissur, have fallen prey to the fraudsters across Kerala within a week.

The messages issued bogus warnings to customers, saying that their bank account has been blocked, or YONO, SBI's integrated online banking platform, has become defunct or their net banking facility would be stopped. The messages also provided a link to the fraudsters' website for the customers to provide their e-KYC details.

Modus operandi

Customers clicking the link were directed to a website similar to that of the SBI, which seeks the Permanent Account Number as well as the user ID and password for online banking. In some cases, the website also sought the bank account number.

Those providing the details mistaking the website as that of SBI, would get a one-time password (OTP) for verification. Once the user enters the OTP on to the website, money would be debited from the account.

Probe so far

Cyber police have found that the cash was mostly withdrawn from ATMs in Delhi, Uttar Pradesh and Bihar. Initially, the fraud was carried out through one website, but currently multiple websites are being used. Police said once they block a website, another one would go live.

Police were suspecting the involvement of more than one gang. The similarity with the SBI site, and the fraudsters avoiding phone calls for customer details made several people fall victim to their vices.

Investigators found that the fraudsters used the customer details to withdraw money using the YONO app, which allows a maximum of Rs 20,000 at a time. However, the fraudsters have used the app multiple times to siphon off cash.

Police have not yet identified any of the gangsters, who wear face masks while visiting ATMs.

Don't share details: Police

The cyber police advised customers against clicking on links received over email, SMS or social media, or sharing their account details. For any account-related issues, customers should contact the bank before making any changes to their account details. 

The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.