
Day to day Cyberfraud - A tip through my Experience!

I did not think that I would fall for one such attack! But I did and I salvaged the situation in time to come out unscathed! 

Sumit has a correction to be made to his PAN card and I have been helping him out. At one stage there is a need for an SMS OTP from Aadhaar to verify his identity. We wait for the SMS OTP on his registered mobile number, but it does not come in the stipulated 120 seconds. We presume that the Aadhaar server is down and repeat this the next day and find that the OTP is elusive. A quick debug shows that his registered mobile number (serviced by MTNL) is out of service. And for some odd reason it stayed that way for the entire day; repeated calls to the call center reach the IVR and the machine but no human, so the problem is not resolved. Curious, I scan through Sumit's phone and find an SMS from an unknown number (+91 9883453468) which speaks of his MTNL number not being KYC compliant.

All this seems to add up. The non-functional phone and the SMS! And I jump at the opportunity to _educate_ Sumit that he should keep track of his SMSes as well, instead of just being on social media platforms (as a parent you take it upon yourself that you need to educate your adult son! The Indian parent style!).

Without thinking further (Mistake 1: Succumb to Social Engineering) I immediately call +91 9339434679/+91 9883453468 (Clue 1: MTNL might not provide customer service on a personal number) and on the third try the guy at the other end picks up and immediately I hear

"This is Mr Somnath from the MTNL head office in New Delhi."

I am surprised and think, 

(Clue 2) "When did MTNL people start introducing themselves on a phone" 

and, without using Clue 2, I mention the SMS and the non-compliant KYC and ask him what is to be done (falling into the trap).

He is patient and assures me

"This has happened with lots of old phone connections and there is nothing to worry. It is a simple exercise. Please go to Google Store and download this application."

This is when my dim brain wakes up and I turn smart (self patting!)

Me, "I can not download any application"

He, "Why?"

[Smart Thinking] Me, "I have a bar phone"

He, "What is a bar phone?"

Me, "The Nokia one which is very old"

He, "Do you have any other phone?"

Me, "We have only this phone, we can not afford a smart phone"

He, "If that is the case we can not do anything"

Me, "What do I do now?"

He, "Just wait and things will become normal"

Me, "How?"

He hangs up. I try calling him several times but he does not pick up the phone. And rightfully before the end of the day Sumit's phone is functional. We go ahead and finish the task which required the registered mobile to receive an OTP via SMS.

I sleepily apologize to Sumit for the "should see your SMS" comment. This time I was wrong.

Endnote 

Falling into a socially engineered trap is real, irrespective of how smart you think you are.

Two possibilities

1. It is possible the whole thing was coincidental (MTNL going out of action, the SMS coming in just before this happening) but it added up to the fact that we needed the OTP to come as an SMS.

2. Maybe MTNL has a scheduled break in services which some people know a priori, and they then lay the trap of sending out messages to coincide with these breaks in service, and a few people like me (who think they are smart but aren't) fall into this trap.


