Digital Fraud: Expert Advice on Protecting Bank Accounts Amid Rapid Unauthorized Withdrawals
Image Source, Reuters
Arohan Bajgain (name changed), a university professor from Kathmandu, was in his office last Tuesday at noon.
Around 12:15 pm, he received an SMS on his mobile from a digital payment system called Connect IPS.
“The message stated, ‘Your Connect IPS account has been deactivated, please visit here for reactivation’ with a link,” he explained.
Since transactions occur through this system, he clicked on the link and completed the activation process. “After following the instructions and receiving completion confirmation, I resumed my work.”
When he arrived home that evening, he was shocked to find his mobile inbox filled with SMS notifications of various deductions from multiple banks.
Upon contacting the digital payment company, it was discovered that the website where he entered his private information was not the genuine Connect IPS site but a counterfeit.
“On the same Tuesday, 2.383 million Nepalese rupees were transferred from four of my bank accounts to other accounts. Additionally, between five to ten thousand rupees were deposited into two different mobile numbers,” he revealed.
Since then, he has been in contact with Connect IPS, his banks, and the police, hoping to recover his funds.
Police have confirmed that investigations are ongoing and are unlikely to conclude within this week.
Nevertheless, he remains optimistic about recovering his money.
“I know exactly which banks and accounts the money went to and the mobile numbers linked to those accounts. The KYC details for those accounts must also have been filled,” he stated.
Increasing Unauthorized Access to Bank Accounts
Cases of theft through phishing links that grant unauthorized access to individuals’ bank accounts are rising daily, prompting police to urge public vigilance.
Dilip Kumar Giri, spokesperson for Nepal Police Cyber Bureau, explained, “This is not about hacking WhatsApp to ask acquaintances for money. Scammers deceive people to gain access to their bank accounts; this is a different type of scam than before.”
He added that over 40 complaints of such scams have been received within one week.
“Some victims have lost amounts starting from 50,000 rupees,” Giri said, “Scammers use bulk SMS to send misleading messages.”
Since daily transaction limits on Connect IPS exceed those of banks, many experience substantial financial losses.
Cybersecurity expert Santosh Sharma noted that digital fraudsters steal confidential information by entering genuine personal data on fake websites.
“These fake sites are designed to look exactly like the real ones,” he said.
Connect IPS has stated that there is no system error. Munni Rajbhandari, the information officer, said, “We are alerting users about phishing links and working to shut down fake sites.”
Challenges in Recovering Stolen Funds
Even when some victims attempt to recover money, the complexity of banking systems has caused difficulties in cases that surged this week, according to spokesperson Giri.
He mentioned scammers employ various tactics to access consumer bank accounts.
“Some victims have been deceived into sharing details after receiving phone calls purportedly from banks; others have been tricked through online shopping by screen-sharing,” he added.
These fraudsters typically use ‘mule’ accounts to conduct such transactions.
“If someone steals 50,000 rupees, they often split it into 32 parts and deposit it into 32 separate accounts. During investigation, the initial accounts tend to have no funds,” said Giri. “We correspond with banks to track information, but oftentimes the account holders withdraw the money using ATMs in India.”
“We are making efforts, but so far recovered amounts have been very small compared to total losses.”
Cyber fraud incidents are increasing, with total losses exceeding billions of rupees.
“In fiscal year 2080/81 (2023/24), 4,154 such cases were registered, which rose to 7,740 last fiscal year. So far this fiscal year, 5,433 people have fallen victim,” the spokesperson reported.
A Growing Challenge
Image Source, NRB
Nepal Rastra Bank has increasingly been focusing on controlling unauthorized access incidents, according to spokesperson Gurup Prasad Paudel.
“We have introduced regulations to freeze accounts temporarily to halt transactions, but without suspicion-based cause, the freeze can’t be extended indefinitely. Hence, a legal process is mandatory within 48 hours,” he explained.
Banks and financial institutions are discussing forming a ‘Quick Response Team,’ Paudel added.
“Technology has enabled faster work but also benefits wrongdoers. Resolving issues manually remains difficult.”
Cyber Bureau spokesperson Giri believes this proposal could help curb digital scams.
“Even if banks are closed during public holidays, coordination between the central bank, police, and internet service providers can ensure 24-hour service,” he suggested.
He added that investigative bodies must take greater initiative.
“It is crucial to act quickly upon receiving information. We are ready to provide support.”
Protective Measures
Police have put forward several recommendations for the general public to avoid digital fraud with unauthorized bank access.
The Cyber Bureau issued a notice stating, “Do not click on phishing links, use only official banking websites, keep personal and banking details confidential, and immediately report any suspicious links to the police, Cyber Bureau, and banks.”
However, digital fraudsters continually adopt new methods, requiring everyone to stay alert.
Nepal Rastra Bank spokesperson Paudel stated, “Even educated and tech-savvy individuals have been deceived. So, avoiding unknown links and never sharing OTPs or confidential information is the best security practice.”
Cyber Bureau spokesperson Giri also urges the public to remain cautious of suspicious links.
“Two-factor authentication should be mandatory for banking apps; email passwords must be strong. Caution is also necessary regarding WhatsApp calls from unknown numbers.”
Cybersecurity expert Sharma emphasized that banks and related authorities should conduct extensive awareness campaigns.
“Typically, scammers receive details directly from the affected individuals, not through others.”