Indian bank’s two-factor authentication proves useless.

If you are in India and have a bank account you must have seen that when you make an online transfer of money you get an authentication code SMS to you in your registered mobile number. This is what a two-factor authentication is. This is also used when you try to change your password of your online banking account.

Recently there has been one incident where two person have found out a way and stolen a huge some of money from many victims. Two of them are Mohammed Mirza Ali, alias Sanjay Soni, alias Mamu, from Mumbai, and Pritam Mishra, alias Preet Mishra, from Delhi.They have been caught and are now in custody of police.

They way they did the job was.

  • First they use to buy compromised account details in bulk from cybercrooks. (A Nigerian syndicate according to police)


  • Second they used to open a dummy bank account in false name by paying associates.


  • Thirdly they use to trick the mobile companies and get a replacement SIM. With all the personal details about the victim already with them its very easy to convince the mobile operators to get the replacement SIM.


The SMS is sent to the SIM card that contains your phone number, so if the criminals have the replacement SIM they will receive the SMS and not you. And of course your phone wont work at that time as when you get a replacement SIM the previous SIM is made useless. The criminals use to perform the operation very quickly as they knew that , the victim will soon complain to mobile operator about the problem of the mobile not able to get a signal.

They have stolen Rs 20 lakh (two million INR, approx $35,000) before they were busted.

So, if you live in India, have a mobile phone and bank account, contact your customer care immediately if you see that your SIM card is not working. It may be just a minor technical glitch but it may be that someone is trying to steal money from your bank. Always remember its better to be safe then sorry.


Leave a Reply

Your email address will not be published. Required fields are marked *