Conning customers with bank details | #computerhacking | #hacking | #education | #technology | #infosec

Around 1:10pm on March 12, Abu Bakkar Siddique received a call from “+16491”. The caller identified himself as an official of Social Islami Bank Limited (SIBL).

The caller told Siddique his personal details, like his name, address and credit card number, to gain trust.

For all latest news, follow The Daily Star’s Google News channel.

Finally, the caller asked Siddique to give him the one-time password (OTP) that was sent to his phone, mentioning that the password is required to improve his card’s security.

“I was completely convinced it was a bank official, as only banks have such information. So, I provided the OTP. But moments later, I saw that a transaction of Tk 10,000 was made through my card,” said Siddique while explaining the fraud.

Siddique then filed a case with Demra Police Station, claiming that some SIBL officials joined hands with hackers and stole the money from his card.

While investigating the case, cyber and special crime division of police’s Detective Branch (DB) has found that an assistant relation officer (ARO) of the bank has been pocketing money using this tactic, joining hands with two hackers.

On information, DB arrested ARO Kabul Hasan Rashid and Hasan Khan, a hacker from Dhanmondi, on Monday, Tareq Bin Rashid, deputy commissioner of DB, told The Daily Star yesterday.

He said Kabul used to take print-outs of customer information from the bank and handed them over to hackers.

“For providing one page containing around 24 customers’ information, Kabul used to get Tk 5,000 to 7,000 from the hackers,” he said. In the last one and a half years, Kabul has provided at least 300 customers’ information.

“The nexus has another hacker — Md Rabbi — who is on the run. We are now conducting drives to arrest him,” he said.


Regarding the fraud, investigators said the hackers used to convince bank customers with the personal information provided by Kabul.

Rabbi, hailing from Domain village of Faridpur, is an expert in manipulating mobile financial services (MFS), said Mohidul Islam, additional deputy commissioner of DB.

They used to transfer money from the cards to MFS accounts, and for that OTPs are required.

He used to clone the bank’s call-centre number and call customers, identifying himself as the bank’s high-official. “Rabbi used to tell customers that someone from the bank would call them for details, and then Hasan would call the customer and ask for OTP,” said the officer.

For each successful transaction, Rabbi used to take 30 percent of the money and Hasan 70 percent.

Hasan and Kabul are relatives. During primary interrogation, Kabul told detectives that he has done this for money, as he is a low-paid employee of the bank, said DC Tareq.

Contacted yesterday, Md Moniruzzaman, head of marketing and brand communication at SIBL, said Kabul was a contractual employee of the bank’s card division. “We suspended him soon after we received the complaint,” he said.

Asked about what steps the bank will take for the victims of fraud, Moniruzzaman said the card division has already started an investigation to look into the issue.

Source link