Team-BHP > Buckle Up > Street Experiences


Reply
 
Thread Tools Search this Thread
Old 21st January 2020, 12:29   #1
BHPian
 
wheelguy's Avatar
 
Join Date: Jul 2019
Location: City of Destiny
Posts: 985
Thanked: 4,601 Times
Default Alert! Don't fall for this FASTag fraud

With the Fastags linked with bank accounts, all the payments directly get deducted from the linked account balance.
Quote:
NEW DELHI: Fraudsters have found a new way to cheat citizens with the launch of FASTag in the country. The scamster are trying to siphon money from the bank accounts of gullible citizens through UPI on the pretext of helping people to register and get their FASTag working.

The first incident of this scam was officially reported recently when a man from Bengaluru lost Rs 50,000 to scamsters. He got a fake call from a so-called customer service executive of Axis Bank who had sent him an online form to fill-in to get his FASTag wallet running after he complained that the wallet was not working.

The scamsters cleverly managed to get the UPI PIN from the victim by fooling him about the online registration process.

“The caller sent me a link through SMS which said, ‘Axis Bank — FASTag form’ and asked me to provide a few details in order to activate my FASTag wallet. In the form, I provided details like my full name, registered mobile number and Unified Payment Interface (UPI) PIN." he said.

He also said, "I thought the application itself served as a point of recharge. I typed the PIN and submitted it. Subsequently, I was told that the helpdesk had generated a one-time pass (OTP) which was sent to my phone. The caller told me to send the OTP to a different number and I did accordingly."
  • Readers are recommended that under no circumstances they should reveal any PIN or password to anyone or enter it in any random form for any purpose. The registration of FASTag doesn’t require you to submit any password or online banking details at all. As FASTag service is new, scamsters are trying all means to cheat citizens.
  • There are only two ways one can activate their Fastags-- either through self-activation using MyFastag app or by visiting the nearest bank branch. The FASTag registration cannot happen by talking to some bank employee over the phone. In case, you happen to receive any such calls, immediately disconnect and then visit the bank branch yourself to check if there is any issue.
  • As Fastags are usually linked with bank accounts, all the payments directly get deducted from the linked account balance. Users also have the option to create a NHAI Prepaid wallet, recharge it and connect it with the Fastag for payments.Also, you can also recharge your Fastag using UPI via MyFastag app.
Source: ET Auto
wheelguy is offline   (26) Thanks Reply With Quote
Old 21st January 2020, 13:26   #2
BHPian
 
Join Date: Apr 2009
Location: Bangalore
Posts: 560
Thanked: 1,099 Times
Default Re: Alert! Don't fall for this FASTag fraud

First of all, I do not believe "Linking the Bank account to Fast Tag account for direct deduction from the bank account"

How can we give the complete control of limitless debit from our bank account to a third party?

In my view, we should just charge the card just before travel with 100-200 Rupees extra as and when required, by knowing the approximate toll expense. Else, we never know when and where hackers would start pulling the money from our account.

I may be a bit more conservative here, but it is always profitable and safer to be conservative like this.
gkveda is offline   (42) Thanks Reply With Quote
Old 21st January 2020, 13:28   #3
BHPian
 
RedTerrano's Avatar
 
Join Date: Jan 2015
Location: Pune
Posts: 147
Thanked: 720 Times
Default Re: Alert! Don't fall for this FASTag fraud

The caller told me to send the OTP to a different number and I did accordingly.

Seriously? Over the years, I have had official communication from all the banks, asking me not to do this very thing. If I remember correctly, even the OTP SMS contains the message.
RedTerrano is offline   (18) Thanks Reply With Quote
Old 21st January 2020, 13:56   #4
BHPian
 
Join Date: Mar 2019
Location: Pune
Posts: 184
Thanked: 203 Times
Default Re: Alert! Don't fall for this FASTag fraud

I maintain only the bare minimum amount required in my bank account linked to UPI because I am still not sure about the security. The salary accounts are separate and the debit cards are locked away. I guess Paytm Fast Tag has the toll deducted from the Wallet instead of the bank account. The Fast Tag system still has glitches to overcome till it becomes a truly seamless and user friendly experience. Meanwhile we have to be careful from scamsters like these.
adi.mariner is offline   (5) Thanks Reply With Quote
Old 21st January 2020, 14:26   #5
BHPian
 
THE_DRIFTER's Avatar
 
Join Date: Aug 2019
Location: Panchkula
Posts: 40
Thanked: 54 Times
Default Re: Alert! Don't fall for this FASTag fraud

Now, this is the most common way in which these fraudsters manage to fool people.

Citizens should never ever share these important details with anyone. First thing stated by bank employees is to never give OTP to anyone and as described by another BHP-ian OTP message itself says " DO NOT SHARE THIS OTP WITH ANYONE "
THE_DRIFTER is offline   (2) Thanks Reply With Quote
Old 21st January 2020, 16:45   #6
BHPian
 
Join Date: Feb 2016
Location: Hyderabad
Posts: 97
Thanked: 258 Times
Default Re: Alert! Don't fall for this FASTag fraud

I am still more conservative. Though I use PayTm to make payments using mobile but it is not linked to my bank accounts. I do not use any other payments app if they do not have the option of recharging using credit cards.

Call me old fashioned but I would rather be safe than be sorry. I have not faced issues yet as most merchants accept PayTm payments through linked mobile numbers. In few cases where they don't I use cash or credit card. But such cases are extremely rare

Only downside is one has to keep tab on credit card expenses.
nibedk is online now   Reply With Quote
Old 21st January 2020, 17:12   #7
GTO
Team-BHP Support
 
GTO's Avatar
 
Join Date: Feb 2004
Location: Bombay
Posts: 55,935
Thanked: 148,636 Times
Default Re: Alert! Don't fall for this FASTag fraud

A fool and his money parted, is all that I can say.

On a related note, my Fastag is linked to a prepaid wallet (Axis Bank). There is NO WAY I'm linking a Fastag to my bank account. Heck, I don't even keep a debit card in this country full of scams & frauds. Just credit cards for me; if someone has to steal my card number from a swiping machine (example), they better be stealing the issuing bank's money, not mine.
GTO is offline   (40) Thanks Reply With Quote
Old 21st January 2020, 17:24   #8
BHPian
 
RedTerrano's Avatar
 
Join Date: Jan 2015
Location: Pune
Posts: 147
Thanked: 720 Times
Default Re: Alert! Don't fall for this FASTag fraud

Quote:
Originally Posted by GTO View Post
Heck, I don't even keep a debit card in this country full of scams & frauds. Just credit cards for me;
IMO a debit card is more safer than a credit card (agree on the part about bank's money though)
Every debit card transaction has to have a PIN/OTP.

My family has 2 FasTags. HDFC and Kotak. Both these banks use the wallet system.
Unbelievably, only AXIS (from what I could gather after a quick google search) is offering the linking + auto debit facility.
Alert! Don't fall for this FASTag fraud-axis-auto-debit.png

Source
RedTerrano is offline   (6) Thanks Reply With Quote
Old 21st January 2020, 17:59   #9
BHPian
 
KrisTvpm's Avatar
 
Join Date: Sep 2015
Location: Bengaluru
Posts: 95
Thanked: 189 Times
Default Re: Alert! Don't fall for this FASTag fraud

Quote:
Originally Posted by wheelguy View Post
With the Fastags linked with bank accounts, all the payments directly get deducted from the linked account balance. <SNIP>
[*]As Fastags are usually linked with bank accounts, all the payments directly get deducted from the linked account balance
It's sad that despite the awareness created by financial institutions, general knowledge imparted through online media etc., still people fall prey to such fraudsters/social engineering. Ofcourse not discounting the mass of not-so-tech-savvy people who might be the gullible victims in such cases.

Btw, seconding @gkveda's point: Guess the last bullet point needn't be mandatory, it's not necessary to link fastag to any bank account - at best it might be an option provided by some banks/providers. I've been operating my ICICI fastag through inbuilt wallet for the last couple of years and it's been working perfectly. I just load the wallet with approx necessary amount + a buffer before the journey and I'm good.
KrisTvpm is offline   (1) Thanks Reply With Quote
Old 21st January 2020, 18:42   #10
BHPian
 
Join Date: Jan 2019
Location: TN-11, AP-03
Posts: 225
Thanked: 467 Times
Default Re: Alert! Don't fall for this FASTag fraud

I read this story sometime back and was appalled after learning that, the person who is cheated is a Cyber Security Expert himself. When these scamsters are able to cheat a security expert and think about the common man. High time government runs an educative videos / announcements on how the Fastags work and how they have to be recharged.

FASTag fraud: Cybersecurity expert from Bengaluru shares PIN ..


80's kids might remember the Puliraja campaign for educating the mass on AIDS. It worked well. We need such campaings to educate our people.
saisree is offline   (5) Thanks Reply With Quote
Old 21st January 2020, 18:57   #11
BHPian
 
Newpunter's Avatar
 
Join Date: May 2010
Location: Bangalore
Posts: 712
Thanked: 197 Times
Default Re: Alert! Don't fall for this FASTag fraud

Quote:
Originally Posted by RedTerrano View Post
The caller told me to send the OTP to a different number and I did accordingly.

Seriously? Over the years, I have had official communication from all the banks, asking me not to do this very thing. If I remember correctly, even the OTP SMS contains the message.
I had recently posted in a different thread about a similar scam with Amazon returns. The problem with the UPI PIN change OTP is that the SMS is just a bunch of random characters and does not mention that this SMS contains the code to change your UPI pin. There is no way a normal customer would realize that they are forwarding an SMS that would let the scamsters change your UPI pin.
Since I was aware that this was a scam, I talked to him and tried to find out the scamsters' modus operandi. But it would not be right to blame a layman for the bad design of the UPI process.
Newpunter is offline   Reply With Quote
Old 21st January 2020, 19:10   #12
BHPian
 
Join Date: Jan 2019
Location: TN-11, AP-03
Posts: 225
Thanked: 467 Times
Default Re: Alert! Don't fall for this FASTag fraud

Quote:
Originally Posted by Newpunter View Post
The problem with the UPI PIN change OTP is that the SMS is just a bunch of random characters and does not mention that this SMS contains the code to change your UPI pin.
Guess, this random characters is for activating the UPI registration/activation and linking your bank account with your UPI provider like GPay,PhonePe, BHIM etc., Change of UPI pin is done generally by entering your debit card no and the expiry data.
saisree is offline   (3) Thanks Reply With Quote
Old 22nd January 2020, 10:21   #13
BHPian
 
Join Date: Aug 2008
Location: TS 10 / TN 43
Posts: 36
Thanked: 60 Times
Default Re: Alert! Don't fall for this FASTag fraud

Quote:
Originally Posted by GTO View Post
On a related note, my Fastag is linked to a prepaid wallet (Axis Bank). There is NO WAY I'm linking a Fastag to my bank account. Heck, I don't even keep a debit card in this country full of scams & frauds. Just credit cards for me; if someone has to steal my card number from a swiping machine (example), they better be stealing the issuing bank's money, not mine.
Exactly as GTO has said, doorway to your bank accounts should be strictly kept closed.

I don’t use UPI and Debit cards are used only at ATMs. I Strictly use credit cards which I have insured.

My FastTag from Axis bank in 2017 came with its own pre-paid wallet. How is it linked to the bank account? Even my parents FastTag is linked to my Paytm prepaid wallet only.

Banks should educate users on good practices for cashless transactions.
gungax is offline   (1) Thanks Reply With Quote
Old 22nd January 2020, 10:47   #14
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 2,581
Thanked: 2,337 Times
Default Re: Alert! Don't fall for this FASTag fraud

This incident is not particularly indicting Fastag; just that Fastag was used as a vector in a social engineering attack. This and several other similar incidents all point to one thing - this whole "OTP for 2FA" system is broken beyond redemption.

A while back I switched to TOTP for my Google Account and over several years, for all services that I use which support it. But even TOTP systems suffer from the same vulnerability as SMS-delivered OTPs; the saving grace being their relatively shorter lifetime (1 min max vs 5 mins or more for SMS OTPs). Last year I invested in a Yubikey for services that support it - Google, Microsoft & Dropbox for now. It is at least 2FA as it is meant to be. I just hope our banks and service providers all mandate it (HSBC had an RSA SecurID based 2FA way back in early oughties. No other bank that I know of even introduced it as an option).

Last edited by binand : 22nd January 2020 at 10:48.
binand is offline   (4) Thanks Reply With Quote
Old 22nd January 2020, 11:14   #15
BHPian
 
Join Date: Jul 2010
Location: Bangalore
Posts: 101
Thanked: 99 Times
Default Re: Alert! Don't fall for this FASTag fraud

I'd linked my Paytm wallet to 3 FASTag for 3 of our cars just over a month ago and I've been charged 90 bucks twice (FASTag linked to my Polo GT TSI) from a certain 'Guduru' toll ( I don't even know where that is) and I am sure as hell I haven't even gone out of Bangalore in my Polo!

I simply emptied my wallet to prevent further damage.

Paytm's support system doesn't help either. Tried raising a complaint but to no avail.

Planning to get FASTag from ICICI as a bunch of my friends said they've not faced any hassles!
vishwasvr is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell pump fraud alert - Misleadingly showing low engine oil level abhi182 Street Experiences 52 15th January 2020 08:39
Fastag 2.0: Now, use Fastag 2.0 to pay for fuel on highways mukeshgoel Street Experiences 19 3rd August 2019 09:49
Government launches 'FASTag' - Electronic Toll Collection dass Street Experiences 515 17th August 2016 12:24
Bank Repossessed cars - Fraud alert! bkishore_77 The Indian Car Scene 62 26th June 2012 21:16
<Newbie Alert> IronWolf Baleno Bangalore <Newbie Alert> IronWolf Introduce yourself 26 21st June 2007 20:28


All times are GMT +5.5. The time now is 05:52.

Copyright ©2000 - 2020, Team-BHP.com
Proudly powered by E2E Networks