Cyber crooks cheats hotelier of Rs 10 lakh by hacking phone

Lokmat News Network

Chhatrapati Sambhajinagar:

Cyber criminals hacked the mobile phone of a hotel businessman and siphoned off ₹10.23 lakh using six different bank accounts. The incident took place on November 23. When the businessman noticed the suspicious withdrawals, he immediately lodged a complaint with the bank as the transactions were still pending. However, the bank allegedly ignored the issue, saying “The legal team is working on it,” and the businessman’s money could not be saved. On Thursday, a case was registered at the MIDC Cidco Police Station.

The 45-year-old businessman owns a hotel in the Dhoot Hospital area. On November 23, while he was at his hotel around 2.30 pm, he suddenly started receiving messages that money was being debited from his Bank of Maharashtra (BoM) account. In nine phases, cyber criminals transferred ₹10.23 lakh through credit cards of six banks. According to the businessman, he had not clicked any suspicious links nor installed any app, yet the fraud occurred. He filed an online complaint and later approached senior police inspector Geeta Bagwade at the MIDC Cidco Police Station, after which a case was registered.

Four banks, 15 accounts, and credit cards used

Cyber criminals used 15 accounts and credit cards from RBL, ICICI, SBI, and IndusInd Bank to transfer lakhs of rupees via Immediate Payment Service (IMPS).

Complaint filed while transactions were still pending, but…

According to the complaint, when the businessman realised that money was being debited, he immediately filed an online complaint. On the morning of November 24, he rushed to the bank to follow up. The bank told him the complaint had been registered and the legal team was working. The businessman then approached the police, where he was shown that the transactions were still pending. He again went to the bank and requested that the transactions be frozen. However, the bank did not provide him with any concrete information.

How could the fraud have happened?

Cyber criminals use various technical methods to hack mobile phones, SIM swap, mobile cloning, remote-access app, or apps running in the background.

Clicking on unknown links or granting unnecessary permissions to apps can allow criminals to access banking SMS, OTPs, or device information.

The card or bank details may have already been leaked through a data breach or phishing attack.

How to avoid such fraud?

Never open or install unknown links, apps, or files.

Always download only official apps.

Give apps only the permissions they truly need.

In suspicious situations, immediately block net banking and debit/credit cards.

RBI’s clear guidelines

To prevent fraud, the RBI has issued guidelines to banks:

Freeze the transaction immediately after receiving a complaint.

Investigate the beneficiary accounts within 24–48 hours.

If the customer is not at fault, refund the entire amount within 10 days.

If the bank’s delay causes a loss, the bank is responsible.

The RBI has also ordered banks to block and freeze accounts where the fraudulent money is transferred.

However, it is repeatedly observed that customers do not receive the expected assistance from banks.