RBI issues a warning about a mobile app. Why?

The Reserve Bank of India and the National Payment Corporation of India (NPCI — the organization responsible for UPI and Rupay payment network) have issued separate warnings about the Anydesk mobile app. Anydesk is one of the widely popular remote screen sharing application used by a lot of big companies (7000+ according to them) across the world. So what exactly is the problem?

Anydesk for Android

Like with any other Cyber Security issue, the problem here is not with the application itself but rather on the user education. In its advisory NPCI has clearly stated the modus operandi of the scam.

Fraudster would lure the victim on some pretext to download an app called ‘AnyDesk’ from Playstore or Appstore.
The app code (9-digit number) would be generated on victim’s device which the fraudster would ask the victim to share.
Once fraudster inserts this app code (9-digit number) on his device, he would ask the victim to grant certain permissions which are similar to what are required while using other apps.
Post this, fraudster will gain access to victim’s device.
Further the mobile app credential is vished from the customer and the fraudster then can carry out transactions through the mobile app already installed on the customer’s device.

The problem is that any remote screen sharing apps can be used for this scam. But other such apps require a complex setup whereas Anydesk is easy to use. And the same ease of use makes it the favorite of the scamsters.

What can I do?

Understand before you share any detail anywhere!

I do know the problems associated with it. Someone who has a technical knowledge will understand what this is all about. But given that smartphones are now with everyone irrespective of their education, it becomes our duty to explain the tidbits of being safe online to our friends and family. Education is the best weapon against cyber attacks.