Keep an Eagle Eye on Your Bank Transactions! Unauthorized Transactions Reported by Google Play Store Users!!

Several Indian bank customer accounts have been compromised by cyber criminals according to the online complaints posted by Android Google Play store users. The posts stressed upon illegal transactions of money without the user’s consent/ OTP authorization. These unauthorized transactions were done using the saved bank account credentials on Google Play Store. In the last two months, there were a lot of complaints registered based on this issue via google support and various other complaint registration platforms. As part of the breach, users started receiving SMS messages from respective banks regarding a failed transaction. Initially, some of the customers ignored the messages, but later they found that it was a test transaction, and a major transaction from their account take place after, which emptied their accounts. This started to create panic situation among the customers, and they started to contact the banks and the google play store.This attack is worked out initially by trying to debit a small amount followed by transfer of a huge sum of money. The majority of the complaints claimed that money is transferred to the accounts of Google Services, Google Octro Inc & Google Moonfrog labs. However, there is no official confirmation so far about this incident. One of the users posted Google support team’s reply to the victim’s complaints. The reply post mentioned that Google had initiated an investigation of this incident on June 1st and all unauthorized transfers will be refunded. Google Support Team’s post : Industry experts are on serious discussion based on the issue, and some of them are investigating the same. We can expect further clarity followed by investigations. The initial analysis reveals that the compromise could be at the bank side, ISP(Internet service provider), google play store or similar online stores. Google play store and similar online services in Europe and US are a bit more relaxed regarding online purchases, where most of the cases, they bypass the dual factor authentication requirements of the customer’s bank cards. This primarily may be due to the urge to give flexibility and ease of use to their customers in the context of better protection for the customers in those parts of the world, through insurance coverage and legal protection Unfortunately, no banks have acknowledged any breach incident as of now. Some of them predicted that interception of the SMS service could easily be done in these days, by which the OTP code could access. SecureReading recommends making it a habit for the users to check their bank account transactions regularly. They must make sure to receive SMS alerts on all transactions and critical changes in their account setup (mobile number/email changes, address alterations, etc.). On the next level of vigilance, the customer may give standing instructions to their relationship managers to keep a close eye on their account transactions and in certain cases to block their card based on suspicious transactions of a significant amount. Any suspicious transactions noticed should be reported to the bank and immediately request to block the card.