New Fraud: Cyber ​​scammers are emptying bank accounts using only an Aadhaar number, no OTP required!



In the ever-evolving landscape of cyber frauds, a new modus operandi has emerged which can cheat without the need for OTP, CVV number, and even bank details. The fraudsters have devised a strategy whereby victims are at risk of substantial financial loss.

Past incidents have highlighted the growing prevalence of cybercriminals using silicon fingerprints and biometric machines to gain unauthorized access to ATMs and other equipment. By taking advantage of Aadhaar numbers and duplicating fingerprints, these fraudsters have managed to siphon off huge sums of money from people's accounts. Let us know about some such cases which expose the magnitude of the fraud.

A notable case involves the mother of a famous YouTuber Pushpendra Singh. Amazingly, the money was withdrawn from his account without requiring any two-factor authentication. Shockingly, the bank failed to send any alert message, so the family did not come to know about the fraudulent activity until they detected it while updating the passbook. The complex fraud was perpetrated using fingerprints linked to Aadhaar.

One such incident took place earlier this year in Gurugram, Haryana. Money was illegally withdrawn from a person's account by taking advantage of their fingerprints. However, the officials were able to prevent fraud by immediately locking the biometric information through the Aadhaar app. Another incident in 2022 further emphasized the audacity of such cybercrimes.

Aadhaar Enabled Payment Service (AEPS) has become a favorite tool for fraudsters, especially in rural areas and towns. With just an Aadhaar card and fingerprint, individuals can easily withdraw funds without any additional information. According to the National Payments Corporation of India (NPCI), money can be withdrawn only on the basis of an Aadhaar number and fingerprint, with the service operator charging a commission for facilitating the transaction.

AePS not only enables withdrawals but also provides functionality to deposit funds and check account details. When an account is linked to Aadhaar, it is automatically activated, eliminating the need for a separate activation process.

How do fraudsters manage to get hold of biometric information? Despite the Unique Identification Authority of India (UIDAI) saying that Aadhaar data remains secure, cyber security expert Rakshit Tandon revealed that Aadhaar numbers are easily available in various formats, including photocopies and softcopies circulated on the internet. Cybercriminals also exploit AePS machines, using silicon replicas to extract biometric data and facilitate fraudulent transactions.

To guard against such frauds, it is essential to keep your Aadhaar locked and unlock it only when necessary. By locking your Aadhaar, even if the data is compromised, criminals will be unable to misuse your Aadhaar number. Additionally, using mask-based authentication can further strengthen your protection against potential scams.

As cyber fraud continues to evolve, it becomes paramount to be vigilant and take proactive measures to protect yourself from financial exploitation. Be informed, and be safe.