HDFC/SBI reward points expiring today call scam – what to do?

Imagine your phone rings, and an official-sounding voice on the other end introduces themselves as being from the "HDFC Bank Rewards Department" or perhaps "SBI Rewards Team." They inform you, with a sense of urgency, that your accumulated credit card reward points – let's say a substantial 9,000 points – are about to expire today. The caller emphasizes that these points, if not redeemed immediately, will be forfeited. This creates a sense of panic and a desire not to lose out on a perceived benefit. To "help" you redeem these points, they will guide you through a seemingly simple process. They might say that due to a new system update or a special offer, the redemption can only be completed via a specific application. This is where the trap is set. They will instruct you to download a screen-sharing application from your phone's app store – often something like AnyDesk, TeamViewer, or a lesser-known but equally malicious equivalent. Once you have downloaded and installed the app, they will ask you to share a unique code displayed on your screen, which grants them remote access to your device. As soon as they have control, they will pretend to initiate the reward point redemption process. However, in reality, they are meticulously navigating your phone, looking for banking apps, UPI payment applications, or any stored financial details. They might even explicitly ask you to log into your internet banking or credit card portal "to verify details" while they are watching your screen. With remote access, they can: * **Access your banking apps:** If you log in while they are viewing your screen, they can capture your username and password. * **Initiate financial transactions:** They might make unauthorized UPI payments, credit card transactions, or transfer funds from your accounts. * **Collect personal information:** They can browse your photos, messages, or documents containing sensitive information like Aadhaar numbers, PAN details, or other KYC documents. * **Bypass OTPs:** In some sophisticated versions, they might even ask you to verbally provide OTPs (One Time Passwords) received on your phone, claiming it's for 'verification' of the reward redemption. Since they are watching your screen, they can also potentially intercept OTPs displayed in SMS notifications if they successfully gain deeper access. By the time you realize what's happening, your bank account could be emptied, or fraudulent transactions processed, often leaving victims with little recourse, as they unknowingly granted the fraudsters access themselves.

• Urgency and Pressure:** Any call demanding immediate action due to "expiring" points or limited-time offers should be treated with extreme suspicion.
• Request to Download Screen-Sharing Apps:** Legitimate banks will NEVER ask you to download remote access software like AnyDesk or TeamViewer for any transaction or verification.
• Unsolicited Calls About Reward Points:** While banks do have reward programs, they typically communicate through official channels (bank-registered email, secure in-app notifications, or physical mail) for redemption processes, not urgent unsolicited calls.
• Asking for Sensitive Information over Call:** Be wary if they ask for your full credit card number, CVV, expiry date, PIN, internet banking login credentials, or OTPs during the call.
• Broken English or unprofessional communication:** While not a definitive indicator, many such scam callers display signs of being non-native English speakers or use grammatically incorrect phrasing.
• Generic Caller ID:** Scammers often use spoofed numbers that may show up as your bank, but sometimes they come from unfamiliar or generic mobile numbers.

• Never Download Unsolicited Apps:** Absolutely refuse to download any screen-sharing application or unknown software at the behest of an unverified caller.
• Verify Directly with Your Bank:** If you receive such a call, politely end the call. Then, independently contact your bank's official customer service number (found on their official website or on the back of your credit card) to inquire about your reward points.
• Guard Your PINs and OTPs:** Meticulously protect your credit card PIN, internet banking passwords, UPI PINs, and especially OTPs. No legitimate bank employee will ever ask you for these over the phone.
• Be Skeptical of "Too Good to Be True" Offers:** If an offer seems unusually lucrative or requires immediate action, it's likely a scam.
• Enable Transaction Alerts:** Set up SMS and email alerts for all your credit card and bank account transactions so you are immediately notified of any suspicious activity.
• Regularly Check Bank Statements:** Review your credit card and bank statements carefully for any unauthorized transactions.

• Immediately Disconnect the Call:** As soon as you suspect it's a scam, hang up the phone.
• Disable Internet/Wi-Fi:** If you have shared remote access, immediately turn off your phone's internet (mobile data and Wi-Fi) to cut off their connection.
• Change All Passwords:** Change passwords for your internet banking, credit card portals, UPI apps, and any other financial accounts, preferably from a different, secure device.
• Contact Your Bank's Fraud Department:** Call your bank's official fraud helpline immediately to report the incident and block your credit card/account if any suspicious activity has occurred or if you shared credentials.
• File a Police Complaint:** Register a complaint with the cybercrime cell by calling 1930 or visiting www.cybercrime.gov.in. Provide all details of the scam.
• Uninstall Remote Access Apps:** Delete any screen-sharing applications you may have installed. Consider a factory reset of your phone if you are concerned about persistent malware.