Fraudsters unlocking new ways of stealing money; Explore ways on how to stay safe
Scammers are now luring victims to share their confidential banking and personal information using social engineering tactics. They are enticing their targets through a combination of too good to be true offers, promise of help and sometimes even through threats.
There has been a rapid surge in usage of digital platforms for making payments and other banking transactions. While this has led to a significant improvement in customer convenience, fraudsters have also become motivated to use digital routes to steal money. As the ease of doing financial transactions improved, attempts to fraud the customers have equally been straight through. Seamless transaction flow gives no time to customer if he/she authorises the transaction in favour of fraudsters.
The digital frauds have seen a makeover especially since the beginning of the pandemic and are now becoming sophisticated enough to gain people's trust. Fraudsters are using innovative methods to defraud common and gullible individuals, including those who are and are not entirely familiar with the techno-financial ecosystem. Scammers are generally concentrated in peripheral areas around metros and urban centres to avoid actions from metro/urban police and law enforcement agencies.
Bankers and law enforcement officials have been receiving reports/complaints in recent months about customers falling prey to cyber frauds in the name of KYC update, fake marketplace listings, job scams, and false customer care numbers. The usual modus operandi in such cases include receipt of unsolicited calls, text messages, e-mails, etc. with a link urging customers to share details of their bank accounts, login credentials, card information, PINs, and OTPs. Sometimes unauthorized and unverified mobile apps are used to take control of the victim's phone to gain access to confidential information.
In such attacks, imposters call or approach the customers pretending to be bankers / insurance agents / healthcare workers / government officials or local shopkeepers. They seek confirmation of the secure credentials by sharing details such as name / date of birth to gain confidence and offers critical and essential services. Even they send customized payment link to customers for making payment in return of service.
In some cases, the imposters even put pressure on customers to share confidential details urgently citing emergency, supply shortage of critical medical care products, account blocking, and similar other threats. These credentials are then used to defraud the customers. It should be noted that customers are not required to authenticate through OTP or PIN for receiving any money in their bank accounts and any such request for OTP/PIN should raise an alarm.
Today, the fraudsters have extended their modus operandi, whereby they are even availing loans impersonating as genuine customer by using the credentials which are provided by genuine customers to agents in the market for availing loans, services, mobile connection, updating records in the existing facility, etc. It is important that while providing such documents to any agents etc., purpose for the submission should clearly be mentioned on the face of document.
The bank has zero tolerance on any misconduct, financial or otherwise and actions by updating such records in the industry and internal data base; the bank also reports to law enforcement agencies for taking appropriate action.
Many of the online frauds are now being perpetrated during weekdays and working hours to trick customers into believing that the calls and offers are legitimate. A fraud dispute time analysis by HDFC Bank revealed that in the first three months of this financial year, 65-70 per cent of cyber frauds happened between 7.00 AM and 7.00 PM. The findings further revealed that 80-85 per cent of the affected customers were in the age group 22-50, and supposedly belonged to the more tech savvy age bracket.
The Union Ministry of Home Affairs, with effect from June 17, 2021, has operationalized a centralised helpline number, 155260, and a reporting platform where victims can report incidents of cyber fraud. The helpline is manned by respective state police and reported incidents are handled through the citizen financial cyber fraud reporting and management system, which is integrated with law enforcement agencies, banks, and financial institutions.
Additionally, HDFC Bank has been doing secure banking campaigns through social media, text messages, e-mails, and periodic notifications to its customers, largely focusing on latest fraud modus operandi with dos and don'ts on digital banking.
Here is a snapshot of some of the digital frauds, the modus operandi and how one can protect himself/herself from such frauds:
Fraudsters create a third-party website, which looks like a genuine website. Links of such website are then shared through text messages, emails, and social media platforms. When customers click those links, they get directed to phishing website where they are lured to enter secure and confidential information. As soon as the details are entered, those get captured by the fraudsters who then use it to steal money.
Precaution: Do not click unknown links and delete unknown texts/emails that promise too good to be true offers.
Imposters call customers pretending to be bankers, insurance agents, government officials, etc. and seek confirmation of secure credentials after gaining confidence. These credentials are then used to defraud the customers.
Precaution: Do not share confidential information with anyone since bank officials/financial institutions never ask customers for such information.
Frauds while using search engines
Customers often use search engines for contact details of their banks, insurance companies, Aadhar service centres, etc. and sometimes end up contacting unknown and unverified contact numbers displayed on those search engines. These contact details on search engines are often camouflaged by fraudsters to attract victims.
Precaution: Avoid search engines and use official websites of banks/companies to get contact details.
Scam through QR scan
Fraudsters often contact customers under various pretext and trick them into scanning QR codes using payment apps. This allows the fraudsters to withdraw money from customer's account.
Precaution: Be cautious while scanning any QR code using payment apps. QR codes have embedded account details in them to transfer amount to a particular account.
Impersonating through social media
Fraudsters create fake accounts on popular social media platforms and often impersonate and pretend to be one of your friends by using photographs and details that are publicly available. They then send requests asking for money for urgent medical purposes, emergencies, etc.
Precaution: Do not share personal and confidential information on social media platforms. Also, it is wise to verify genuineness of help requests with friends/family members via phone calls or physical meetings before transferring funds.
The charging port of a mobile phone can also be used for transfer of files/data. Juice jacking is a cyber stealing where once your mobile phone is connected to unknown/unverified charging ports, fraudsters can gain access and steal sensitive data, emails, text messages, saved passwords through malware.
Precaution: Avoid using public/unknown charging ports. It is also advisable to not save passwords and other confidential information on mobile phone.
Online job fraud
Fake job portals are created and when victims share secure credentials of bank accounts/credit cards/debit cards on these websites for registration, the accounts get compromised.
Precaution: Genuine companies offering jobs will never ask for money, hence do not make payments on unknown job portals.
SIM swap/SIM cloning fraud
As most of your account details and authentication messages are connected to your registered mobile number, fraudsters try to gain access to the SIM card. Sometimes they clone and make a duplicate SIM card to carry out digital transactions using OTP received on such duplicate SIMs. Fraudsters generally call customers by posing as an official from a mobile services company and request details for free upgrade of SIM card.
Precaution: Do not share details pertaining to SIM card to unknown callers. You should also get suspicious if you don't have mobile network in your phone for a considerable period of time in a regular environment and contact your mobile operator to ensure that no duplicate SIM has been issued for your SIM.
(The author is Head Credit Intelligence and Control, HDFC Bank)