Investigation of

Vishing Fraud

Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential / information used in identity theft schemes from individuals

Sri Janardana Padhy received an unknown telephonic call from the fraudster and the fraudster posing himself as the ATM Relations Manager calling from Head Office, Mumbai informed the victim that “your ATM Card is at risk, it will be blocked soon”. The fraudster assured the victim to activate the ATM Card and asked for the ATM –cum-Debit card details i.e., ATM-cum-Debit card Number & PIN Number. The fraudster also instructed the victim to switch off his Mobile Phone Number for technical reasons & for smooth updating process. The fraudster advised the victim not to inform anyone as the process is very confidential in nature. After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways and defrauded an amount of Rs.2,50,000/-.

Applicable Sections of Law:-

IPC:- 419/420Information Technology Act-2000:- 66C/66D

Steps:- Victim received an unknown call from the fraudster

Accused fraudster posing himself/herself as the ATM Relations Manager calling from Head Office to the victim

Informing the victim over Mobile Phone that “your ATM Card is at risk, it will be blocked soon”

Assuring the victim to activate the ATM Card, if the victim will furnish the ATM –cum-Debit card details

Modus Operandi

Asked for the ATM –cum-Debit card details i.e., ATM-cum-Debit card Number PIN Number

Accused instructing the victim to switch off his/her Mobile Phone Number for technical reason & for smooth updating process

Fraudster instructing the victim not to inform anyone as the process is very confidential in nature

Modus Operandi

After receiving the ATM Card details, the fraudster made a number of online transactions (purchase of goods, electronic equipment's, online payments, mobile /DTH recharge, etc.) in various websites / online payment gateways

Pre-Requisite for Investigation

Victim received a telephonic call from the fraudster

Victim has given his ATM Card details to the fraudster

Accused had made a number of online transactions in various websites / online payment gateways by using the ATM Card details of the victim

From the Complainant

Mobile Phone Number of the fraudster to be ascertained from the victim

Seizure of the following documents on production by the victim complainant:- • ATM-cum-Debit card in original• Updated Savings Passbook• SMS details received from the Bank about the online transactions made by the accused with date & time written in a paper by the complainant•Mobile Phone Handset along with SIM Card (in which the SMSs were received) be seized and after seizure be kept in zima

Different Online Payment

Gateways

In respect of Complainant Correspondence to be made with the Mobile Service Provider to furnish the report in respect of the mobile phone number of the complainant as well as of the fraudster :-• Subscriber Details• Date of Activation• Customer Acquisition Form {in original}• CDR for the alleged period• IMEI Number of the handset• Certificate u/s 65-B of the Indian Evidence Act

IMPORTANT NOTE IN CD

Co-relation to be made and reflected the same in the case diary as found in the CDR

Correspondence to be made……

To the concerned Bank:-•Name and address of the account holder• Account Statement for the alleged period of unauthorized online fraudulent transaction • The details of each transaction in brief • Account Opening Form of the Victim•Whether the victim was issued with any ATM-cum-Debit Card:- • ATM Card Number• Date of issuing of ATM Card• Details of the ATM Card

Correspondence to be made with online Payment Gateways / Shopping websites

Account Registration Details in respect of the Merchant ID through which the online transaction was made IP details type of operating system of the computer system of the

fraudster type of browser software Physical address of the computer system

IP Address, Time stamp and other server log details for each fraudulent transaction

Payment gateway details along with used credentials for authentication and transaction

Correspondence to be made with online Payment Gateways / Shopping websites

All other traceable details like mobile numbers used for OTP or any

authentication or used to call your customer service number

email addresses for transactions mailing address of the merchant and any

other detailsBeneficiary details [ Mobile Phone Number recharged / DTH reference] available at your side or provided by merchant to bank against these transactions

Cookies

Correspondence to be made with online Payment Gateways / Shopping websites

Credit history information Purchase history in respect of the Merchant IDproducts the fraudster viewed or searched forCounterfoil receipt in respect of delivery of goods by the online shopping website to the fraudster

The details of the company personnel along with his contact number who delivered the goods to the fraudster

Date & time of delivery of goodsAddress of delivery of goods

Wallet:-• Recharges, • Bill payments, • Bus tickets, • Shopping from hundreds of categories• Send & receive money to & from friends• Avail of services at partner destinations• Cash back to the accounts• Bill payment or recharge through toll free number or SMS

SAMPLE REPORTS

Report of EBS:-

Report of Bill Desk:-

Report of Freecharge:-

Report of Mobikwik:-

Report of PayU:-

Report of PayTM:-

Report of PayTM:-

Report of Pay4India:-

From reports of Online Payment Gateways we found:- Registered Mobile Phone Number IP Address of the computer system used for registration of the account in the online payment gateway along with date & time

Beneficiary Mobile Phone Number/ Recharge ID

E-mail ID furnished by the fraudster in the payment gateway

Details of shipping items Shipping Address along with name & particulars of the beneficiary

Correspondence to be made……

E-mail Service Provider:-

• Notice u/s 91 of Cr.P.C. submitted to the Nodal Officer of E-mail Service Provider to furnish the account registration details along with log details in respect of E-mail account

Information in respect of e-mail ID:- Account Registration Details Date & time of creation of the e-mail account IP log at the time of creation of the accountPhysical address if any of the computer system used by the fraudsterBrowser information Mobile Phone Number used at the time of registration and updation of the e-mail account {registered mobile phone number}Secondary e-mail accountLog details of the e-mail account

Google report

From the E-mail Service Provider

Name:-E-mail:-Status:-Services:-Secondary E-mail:-Created on (with date & time):- IP Address:-SMS:- Log details:-

Sample Reports from E-mail Service Provider

Yahoo report

Rediffmail report

Correspondence to be made……Internet Service Provider:-• User Subscriber Details of the IP address• Telephone number in case of DSL/CDMA/3G, and Dial up• other relevant information in respect of the User Subscriber

• address of correspondence• contact number • e-mail IDs • billing details

• MAC ID of the alleged computer system or• IMEI Address of the computer resources with respect of the

relevant IP address• CAF / NTC in respect of the User Subscriber in respect of

the alleged IP address.

Request Letter to ISP

Report from ISP {Aircel}

Sample report from ISP {BSNL}

Sample report from ISP {ORTEL}

Sample report from ISP {TATA}

Correspondence to be made……Mobile Service Provider:-

Subscriber DetailsDate of Activation (DOA)Customer Acquisition /Application Form (CAF) {in original}

CDR for the alleged periodCertificate u/s 65-B of the Indian Evidence Act

Investigating Officer will seizeFrom the possession of accused:- Laptop with charging adapter Computer system, its other components (Monitor, CPU, UPS,

Keyboard, Mouse) Hard Disk from the seized CPU Modem Pen Drive /USB Drives /CDs/ DVDs Mobile Handsets SIM Cards Memory SD Card Dongles Cables Telephone Bills Different fake ID Proof documents

Modus Operandi:-

The accused person is using different mobile phone numbers for communication with courier agency and delivery of shipping items

The accused person is using different identity particular documents created in different names (Voter ID Card, PAN Card, Aadhar Card, College ID Cards)

The accused person sent different persons to receive the shipping items

Mainly operated in the area of Jharkhand Jamtara, Mohanpur village areas

Seized Exhibits be sent to CFSL for examination

Seized exhibits be sent to Director, Central Forensic Science Laboratory, Directorate of Forensic Science Services, Govt. of India, Ministry of Home Affairs, 30, Gorachand Road, Kolkata- 700014, (T) S.D.J.M., for examination and opinion