Why are you characterizing a social engineering crime as a technical vulnerability off the UPI platform ? You realize this entire scam can be transacted face to face as well ? It’s how old people are commonly duped around the world.
Scammers use India’s real-time payment system to siphon off money, send it to China
China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK. "UPI service providers currently operate without coverage under the Prevention of Money …
COMMENTS
-
-
-
Tuesday 24th October 2023 17:28 GMT doublelayer
Most of those things are problems that could exist in any payment system, and aren't particularly reliant on any peculiarity of India's. The only technical change suggested was this:
One key initiative could involve verifying that any new mobile number added to an account matches the account holder's name, thwarting scammers from gaining control by altering phone numbers," advised CloudSEK.
That change is not likely to help much. If India tracks ownership of phone numbers, scammers could buy cheap phones and have them registered as their mules while keeping control of the devices. The people who are changing phone numbers are those who decided to be willing accomplices, so this shouldn't be a problem. This suggestion would work better if the scam involved the victims changing their account phone numbers, but the article makes it clear that they are socially engineered out of their cash and the account details only apply to people who have time to set up the infrastructure beforehand.
The point that the system operates outside the money laundering law is a better possibility, although they didn't suggest what technical changes are required to fix that. Unfortunately, a lot of schemes like this manage to get around such legislation if the scammers simply wait a bit longer for the funds to clear before cashing them out or transferring them over borders. Scam rings that operate this in a variety of western countries, including but not limited to many large ones based in India, know this firsthand. If our banking systems, with all their anti-laundering facilities can't prevent that, then adding a delay to their system is unlikely to be sufficient to prevent it in India either. You'll need more, and I don't know what that would be.
-
Wednesday 25th October 2023 10:43 GMT Dan 55
Most of those things are problems that could exist in any payment system, and aren't particularly reliant on any peculiarity of India's.
I don't think I ever suggested these problems were reliant on any peculiarity of India's.
That change is not likely to help much. If India tracks ownership of phone numbers, scammers could buy cheap phones and have them registered as their mules while keeping control of the devices.
And yet the change in the UK to the faster payments system to check names was brought in precisely to cut down on fraud. It doesn't matter if you're sending it to the scammer or a mule, neither of those names will match the person or business the user thinks they're sending the money to so it should flag up a warning.
-
Wednesday 25th October 2023 17:52 GMT doublelayer
"I don't think I ever suggested these problems were reliant on any peculiarity of India's."
As far as I can tell, this thread is discussing whether this is a social engineering problem or one that's peculiar to India's UPI system. Raj took the view that it was not related to UPI, and you disagreed. That would mean that you think it is reliant on some particular aspect of UPI, not just social engineering on a different transfer system. I certainly read that suggestion, and I don't see what other one you have in mind.
Adding verification to the process would help, and that is certainly worth trying, but I don't think that the suggested measure, verifying phone numbers against account names, will really do anything to help social engineering. The account name shown to people transferring funds won't change. You'll just get an indication that the phone number was registered with the same name that the account was. If they're already showing account names, it sounds like they are already giving the victim one opportunity to smell a rat and cancel the transfer when it appears to be an individual's account rather than a business one. Phone number validation won't do more of that.
-
Friday 27th October 2023 21:09 GMT Dan 55
As far as I can tell, this thread is discussing whether this is a social engineering problem or one that's peculiar to India's UPI system. Raj took the view that it was not related to UPI, and you disagreed. That would mean that you think it is reliant on some particular aspect of UPI, not just social engineering on a different transfer system. I certainly read that suggestion, and I don't see what other one you have in mind.
There are some technical problems which have nothing to so with the platform being Indian. Any other platform in the world would also have the same problems if it also had the same deficiencies... so the problems need to be addressed.
-
-
-
-
-
-
-
-
Wednesday 25th October 2023 16:12 GMT GBE
Re: It's popular because it is easy to use.
-- police crime effectively --
I parsed that initially as Noun Verb Adverb, and it took me quite a while to figure out it was meant to be Verb Noun Adverb.
There's a legal podcast I listen to regularly where one of the hosts likes to colloquially use "crime" as a verb. Actually it's usually "criming" used as a gerund, but apparently my brain has adjusted and now considers crime to be either noun or verb.
-
-
-
Tuesday 24th October 2023 15:49 GMT martinusher
Indians falling for Internet scam? Who'd have thought it!
For many years now the concepts "Indian" and "Internet Scam" have been intrinsically linked -- I've lost count of the number of times I've picked up the phone to have some barely intelligible voice claiming to be from the IRS or similar agency threatening dire consequences unless I give them all my money.
The fact that someone's now working the same crap on them is sweet irony. Maybe Indian law enforcement might start taking these criminals seriously.
-
Tuesday 24th October 2023 16:42 GMT Joe 59
Re: Indians falling for Internet scam? Who'd have thought it!
Of course, with 1.4B people who aren't scammers, India is as much victim as the rest of the world. The only thing keeping them from rising up in rank of victims is that most of them are extremely poor and don't have digital assets to plunder.
I feel like the emphasis needs to be placed on the policing part, and any nation that firewalls off investigations into this should be shunned from international transactions, like China. They take internal victims very seriously, unless the thief is a member of the CP, but don't extend that courtesy to external victims, unless the thief isn't a member of the CP.
-
-
Wednesday 25th October 2023 19:42 GMT Prakashp
Usually it is Chinese scammers who scam international systems and I do not understand why they can't be pursued in China and punished. China punishes crimes very severely, so how is it that scammers like this seem to succeed in hiding themselves behind a curtain in a country that is so efficient in tracking their population even if they write an opinion on social media. Is the Chinese government promoting international fraud to make money. That is a question that nobody seems to think about. Should China then be sanctioned for promoting illegal / criminal financial transactions