of Vishing Fraud Voice phishing is typically used to steal Credit Card ATM Card numbers PIN Numbers CVV Number or other Banking credential information used in identity theft schemes from individuals ID: 469277
Download Presentation The PPT/PDF document "Investigation" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Investigation
of
Vishing FraudSlide2Slide3
Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential / information used in identity theft schemes from individualsSlide4
Sri
Janardana
Padhy
received
an unknown telephonic call from the fraudster and the fraudster posing himself as the ATM Relations Manager calling from Head Office, Mumbai
informed
the victim that “
your ATM Card is at risk, it will be blocked soon”.
The fraudster assured the victim to activate the ATM Card and asked for the ATM –cum-Debit card details i.e., ATM-cum-Debit card Number & PIN
Number.
The fraudster also instructed the victim to switch off
his
Mobile Phone Number for technical reasons & for smooth updating process. The fraudster advised the victim not to inform anyone as the process is very confidential in nature. After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways and defrauded an amount of Rs.2,50,000/-.Slide5
Applicable Sections of Law:-
IPC:- 419/420
Information Technology Act-2000:- 66C/66DSlide6
Steps:-
Victim received an unknown call from the fraudster
Accused fraudster posing himself/herself as the ATM Relations Manager calling from Head Office to the victim
Informing the victim over Mobile Phone that “
your ATM Card is at risk, it will be blocked soon”
Assuring the victim to activate the ATM Card, if the victim will furnish the ATM –cum-Debit card detailsSlide7Slide8
Modus Operandi
Asked for the ATM –cum-Debit card details i.e.,
ATM-cum-Debit card Number
PIN Number
Accused instructing the victim to switch off his/her Mobile Phone Number for technical reason & for smooth updating process
Fraudster instructing the victim not to inform anyone as the process is very confidential in natureSlide9
Modus Operandi
After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways Slide10
Pre-Requisite for Investigation
Victim received a telephonic call from the fraudster
Victim has given his ATM Card details to the fraudster
Accused had made a number of online transactions in various websites / online payment gateways by using the ATM Card details of the victimSlide11
From the Complainant
Mobile Phone Number of the fraudster to be ascertained from the victim
Seizure of the following documents on production by the victim complainant:-
ATM-cum-Debit card in original
Updated Savings Passbook
SMS details received from the Bank about the online transactions made by the accused with date & time written in a paper by the complainant
Mobile Phone Handset along with SIM Card (in which the SMSs were received) be seized and after seizure be kept in
zimaSlide12Slide13Slide14Slide15
Different
Online
P
ayment
G
atewaysSlide16Slide17Slide18Slide19Slide20Slide21Slide22Slide23
In respect of Complainant
Correspondence to be
made with the Mobile Service Provider to furnish the report in respect of the mobile phone number of the complainant as well as of the fraudster :-
Subscriber Details
Date of Activation
Customer Acquisition Form {in original}
CDR for the alleged period
IMEI Number of the handset
Certificate u/s 65-B of the Indian Evidence ActSlide24
IMPORTANT NOTE IN CD
Co-relation to be made and reflected the same in the case diary as found in the CDR Slide25
Correspondence to be made……
To the concerned Bank
:-
Name
and address of the account holder
Account Statement for the alleged period of unauthorized online fraudulent transaction
The details of each transaction in brief
Account Opening Form of the Victim
Whether the victim was issued with any ATM-cum-Debit Card:-
ATM Card Number
Date of issuing of ATM Card
Details of the ATM CardSlide26
Correspondence to be made with online Payment Gateways / Shopping websites
Account Registration Details in respect of the Merchant ID through which the online transaction was
made
IP details
type of operating system of the computer system of the fraudster
type of browser software
Physical address of the computer system
IP Address, Time stamp and other server log details for each fraudulent
transaction
Payment gateway details along with used credentials for authentication and
transactionSlide27
Correspondence to be made with online Payment Gateways / Shopping websites
All other traceable details like
mobile numbers used for OTP or any authentication or
used to call your customer service number
email addresses for transactions
mailing address of the merchant and any other details
Beneficiary details [ Mobile Phone Number recharged / DTH reference]
available at your side or provided by merchant to bank against these transactions
CookiesSlide28
Correspondence to be made with online Payment Gateways / Shopping websites
Credit history information
Purchase history in respect of the Merchant ID
products the fraudster viewed or searched for
Counterfoil receipt in respect of delivery of goods by the online shopping website to the fraudster
The details of the company personnel along with his contact number who delivered the goods to the fraudster
Date & time of delivery of goods
Address of delivery of goods Slide29Slide30Slide31Slide32Slide33Slide34Slide35Slide36Slide37Slide38Slide39Slide40Slide41
Wallet:-
Recharges,
Bill payments,
Bus tickets,
Shopping from hundreds of categories
Send & receive money to & from friends
Avail of services at partner destinations
Cash back to the accounts
Bill payment or recharge through toll free number or SMSSlide42Slide43
SAMPLE REPORTSSlide44
Report of EBS:- Slide45
Report of Bill Desk:- Slide46
Report of
Freecharge
:- Slide47
Report of
Mobikwik
:- Slide48
Report of
PayU
:- Slide49
Report of
PayTM
:- Slide50
Report of
PayTM
:- Slide51
Report of Pay4India:- Slide52
From reports of Online Payment Gateways we found:-
Registered Mobile Phone Number
IP Address of the computer system used for registration of the account in the online payment gateway along with date & time
Beneficiary Mobile Phone Number/ Recharge ID
E-mail ID furnished by the fraudster in the payment gateway
Details of shipping items
Shipping Address along with name & particulars of the beneficiary Slide53
Correspondence to be made……
E-mail Service Provider:-
Notice u/s 91 of
Cr.P.C
. submitted to the Nodal Officer of E-mail Service Provider to furnish the account registration details along with log details in respect of E-mail account Slide54
Information in respect of e-mail ID:-
Account
Registration Details
Date & time of creation of the e-mail account
IP log at the time of creation of the account
Physical address if any of the computer system used by the fraudster
Browser information
Mobile Phone Number used at the time of registration and
updation
of the e-mail account {registered mobile phone number}
Secondary e-mail account
Log details of the e-mail account Slide55
Google reportSlide56
From the E-mail Service Provider
Name:-
E-mail:-
Status:-
Services:-
Secondary E-mail:-
Created on (with date & time):-
IP Address:-
SMS:-
Log details:- Slide57
Sample Reports from E-mail Service ProviderSlide58
Yahoo reportSlide59
Rediffmail
reportSlide60Slide61Slide62Slide63Slide64
Correspondence to be made……
Internet Service Provider:-
User Subscriber Details of the IP address
Telephone number in case of DSL/CDMA/3G, and Dial up
other relevant information in respect of the User Subscriber
address of correspondence
contact number
e-mail IDs
billing details
MAC ID of the alleged computer system or
IMEI Address of the computer resources with respect of the relevant IP address
CAF / NTC in respect of the User Subscriber in respect of the alleged IP address. Slide65
Request Letter to ISPSlide66
Report from ISP {
Aircel
}Slide67
Sample report from ISP {BSNL}Slide68
Sample report from ISP {ORTEL}Slide69
Sample report from ISP {TATA}Slide70
Correspondence to be made……
Mobile Service Provider:-
Subscriber Details
Date of Activation (DOA)
Customer Acquisition /Application Form (CAF) {in original}
CDR for the alleged period
Certificate u/s 65-B of the Indian Evidence ActSlide71
Investigating Officer will seize
From the possession of accused:-
Laptop with charging adapter
Computer system, its other components (Monitor, CPU, UPS, Keyboard, Mouse)
Hard Disk from the seized CPU
Modem
Pen Drive /USB Drives /CDs/ DVDs
Mobile Handsets
SIM Cards
Memory SD Card
Dongles
Cables
Telephone Bills
Different fake ID Proof documents Slide72Slide73
Modus Operandi:-
The accused person is using different mobile phone numbers for communication with courier agency and delivery of shipping items
The accused person is using different identity particular documents created in different names (Voter ID Card, PAN Card,
Aadhar
Card, College ID Cards)
The accused person sent different persons to receive the shipping items
Mainly operated in the area of Jharkhand
Jamtara
,
Mohanpur
village areas Slide74Slide75Slide76
Seized Exhibits be sent to CFSL for examination
Seized exhibits be sent to Director, Central Forensic Science Laboratory, Directorate of Forensic Science Services, Govt. of India, Ministry of Home Affairs, 30,
Gorachand
Road, Kolkata- 700014, (T) S.D.J.M., for examination and opinion