‘Digital Fraud’: Experts Advise Security Measures Following Rapid Bank Account Draining Incidents

Aarohan Bajgain (name changed), a university professor in Kathmandu, was in his office last Tuesday afternoon. Around 12:15 PM, he received an SMS on his mobile from a digital payment system called ‘Connect IPS.’ “It stated, ‘Your Connect IPS account has been suspended; please visit here to regain access,’ along with a link,” he explained. Since his transactions occurred through this system, he proceeded to follow the link and completed the reactivation steps. “After completing the process as instructed, I resumed my work.” It was only after returning home in the evening that he was shocked to find numerous SMS notifications indicating deductions from various banks in his phone’s inbox. Upon contacting the digital payment company’s office, it was confirmed that the website where he entered his confidential information was a fake, not the genuine Connect IPS site. “On that same Tuesday, transfers totaling NPR 2,383,000 were made from four of my bank accounts to other locations. Additionally, NPR 5,000 was deposited into two different mobile numbers,” he revealed. Since then, he has been in touch with Connect IPS, the banks, and the police, holding hope for the return of his funds. Police are currently investigating the case and expect it will not be resolved within this week. Nevertheless, he remains optimistic. “We know which banks and accounts received the money, as well as the mobile numbers used with those accounts. The KYC details for those accounts must have been submitted as well,” he added.

Incidents of unauthorized bank access through phishing links, enabling thieves to empty victims’ accounts, are increasing daily, prompting police to urge public vigilance. Police Cyber Bureau spokesperson Dilip Kumar Giri stated, “This is not about WhatsApp hacking or asking money from acquaintances. Scammers are deceiving individuals to access bank accounts, and this is a new type of fraud compared to previous cases.” He reported over 40 such complaints within just one week. “Some victims have lost amounts exceeding NPR 50,000,” said Giri. “Scammers send deceptive messages through bulk SMS campaigns.” Because Connect IPS allows daily transaction limits higher than those set by banks, large financial losses are common. Cybersecurity expert Santosh Sharma explained that digital fraudsters steal confidential information by having victims fill out details on fake websites. “These counterfeit sites are designed to look identical to genuine ones,” he said. Connect IPS officials, however, have stated that their system is functioning normally. Information Officer Munni Rajbhandari said, “We are educating users about phishing links and working to shut down fake sites.”

Recovering stolen money has proven challenging due to the complex banking systems involved, especially in the surge of cases this week, according to spokesperson Giri. He noted that scammers employ various methods to access consumers’ bank accounts. “Some request details after posing as bank callers, others trick victims into sharing screens during online shopping,” he explained. These fraudsters often use ‘mule’ accounts to process transactions. “For example, if NPR 50,000 is stolen, it’s divided into 32 parts and deposited into 32 separate bank accounts. Upon investigation, no money remains at the primary level,” said Giri. “We correspond with the banks to gather information, but often by then, the account holder has already withdrawn the funds via ATM transactions in India.” “We are making efforts, but so far, the amount refunded is significantly less than the total loss.” Cyber frauds have been rising steadily, with victims’ losses surpassing billions in Nepalese rupees. “In the fiscal year 2079/80 (2022/23), 4,154 such incidents were registered, increasing to 7,740 last fiscal year. So far, 5,433 individuals have been defrauded in the current fiscal,” he shared. In response to this growing challenge, Nepal Rastra Bank has intensified measures to prevent unauthorized access, according to spokesperson Guru Prasad Paudel. “We have established guidelines to freeze accounts temporarily, halting transactions, but a long-term freeze requires legal procedures within 48 hours,” he explained. Banks and financial institutions are also discussing the formation of a ‘Quick Response Team.’ Paudel noted that while technology helps facilitate faster operations, it also creates opportunities for misconduct. Manual intervention for resolving these cases is difficult. Cyber Bureau spokesperson Giri added that such proposals could help curb digital fraud. “Although banks close on public holidays, coordination among Nepal Rastra Bank, police, and internet service providers can ensure 24-hour service.” He emphasized that investigative agencies need to act promptly once information is received. “We are ready to provide assistance.”

To protect against unauthorized bank access and digital fraud, the police have advised the public on various preventive measures. A notice issued by the Cyber Bureau states, “Do not click phishing links, use only official banking websites, keep personal and banking details confidential, and immediately report any suspicious links to the police, Cyber Bureau, and banks.” However, as digital fraudsters continue to employ new tactics, heightened vigilance remains essential. Nepal Rastra Bank spokesperson Paudel warned, “Even educated and tech-savvy individuals have been deceived. Therefore, avoid clicking unknown links and never share OTPs or confidential details.” Cyber Bureau spokesperson Giri also stressed the importance of caution with suspicious links. “Two-factor authentication must be mandatory on banking apps; email passwords should be strong. Additionally, be careful with WhatsApp calls from unknown numbers.” Cybersecurity expert Sharma urged banks and relevant agencies to conduct widespread awareness campaigns. “Typically, it is the victims themselves who inadvertently provide the scammers with their details,” he concluded.