With hackers increasingly targeting bank customers, State Bank of India has now come up with a guide for the public to help them stay informed and carry out transactions safely in the digital world.
The fourth edition of ‘SBI Hive’ highlights the common types of frauds that hackers usually resort to for duping people. It also highlights how one can stay vigilant by following the precautions as outlined in the guide. This way, bank customers can keep their information and finances safe from hackers, SBI said.
COMMON TYPES OF FRAUDS
SBI Hive highlighted 14 types of frauds that hackers mostly use for gathering information and stealing money.
1] Pending Electricity Bill: This involves the hacker making fraudulent calls about pending electricity bills and/or payment not updated. Once the unsuspecting customer falls into the trap, the hackers ask them to either make a token payment and/or share a one-time password (OTP). When the customer shares the OTP, his/her account is compromised.
2] Order Cancellation Fraud: This typically involves hackers approaching people as delivery boys with cash on delivery (COD) options. Where the recipient denies having placed any order, the delivery boys ask for an OTP for cancellation. Once the OTP is shared, the customer’s account is automatically debited.
3] Refund Of Tax: The hackers target unsuspecting victims with fake messages or mails disguised to mislead as genuine communication from the income tax department. The victims are directed to a fake website of the income tax department. Once the victim submits the bank details and other sensitive information, the hackers compromise the victim’s account.
4] Lottery Scam: In this case, the victim receives mail and/or SMS informing them as winners of lottery money and/or gift card. The hacker also asks for sensitive personal information to facilitate the transfer of the gift card or lottery money, which is typically misused for carrying out financial transactions and defrauding the victim.
5] Fake Social Media Handles: In this case, hackers bait victims to reveal their account details and other personal information through handles and accounts on social media. Typically, they will use words such as UPI, NPCI, BHIM or other banking or government bodies to come across as genuine handles of these organisations. Once the unsuspecting victims furnishes the details, the information is misused for carrying out financial transactions.
6] Remote Desktop Sharing: Here, the victim receives an SMS, email, call asking for ‘know-your-customer’ (KYC) updation, account and/or card activation or any other services. They are also persuaded to download screen sharing apps, such as Team Viewer, or any other desktop app. Then, hackers impersonating as bank officials ask for a passcode, which once shared, gives them access to the victim’s mobile and/or computers. Fraudsters can then transfer money by using UPI or other payment app or OTP.
7] Fake Customer Care Number: This modus operandi involves sending the victim SMS and/or email warning them of either blocking their account, card, or Netbanking facility due to non-updation of KYC documents. The SMS or email typically contains a link of a fake customer care number. Once the victims shares the details (OTP, card number, date of birth) to the hacker on the fake customer care number thinking it to be part of the verification process, the victim’s account gets compromised.
8] UPI Frauds: Here, the fraudsters send fake link with option for ‘request money’. Once users click on this link, it will ask for the UPI PIN or to scan a QR Code. Where the victim proceeds with either of the action, his account gets debited.
9] Debit/Credit Card Fraud With Reward Point Attacks: This begins with a call to the debit and/or credit card holder asking them to redeem their reward and/or loyalty points as these are ‘limited time’ offers and could end soon. Card holders are also asked to provide their card details and OTP. Once the victim shares the sensitive details, hackers defraud them.
10] Fake Websites: Hackers usually create fake websites of reputed brands with subtle changes that one could miss. They also mask the IP address of these fake websites with various tools and applications. Lastly, they approach unsuspecting customers with options of selling franchises of these reputed and genuine brands through their fake websites fraudulently.
11] Fraud Without OTP By Breaching Aadhaar, Fingerprint: This typically involves downloading land records data from land record websites of various states. Once that is done, they steal data, such as thumb impression, Aadhaar and so on, which are then used to breach fingerprint and Aadhaar details using various IT Tools to commit financial fraud.
12] Free Download Of Movie Through WhatsApp: This method involves sending links to the victim on WhatsApp to download movies for free. Once the victim clicks on the link, the hackers get access to the user’s phone. Hackers then steal bank details and other confidential information for committing financial misuse or theft.
13] Fake Voice Calls From Relatives, Friends Asking For Money: Here, the hackers first gather videos and contact number of the victim’s social circle from their social media account. They use technologies, such as SaaS to create deepfake voice signature of the relatives. Lastly, they approach the victim with pleas for urgently transferring money to a specified account or on a link they share with the victim.
14] Offer Of Free Electronic Items: Here, the hackers call and/or send SMS to the victims offering electronic items for free. They steal financial information for further misuse and fraud.
SAFETY POINTS
SBI Hive also highlighted a bunch of safety points that users should keep in mind to stay safe. These are:
Never instal or do any transaction while on call.
Do not instal any app on your mobile on the advice of any unknown person
Do not click on links and open e mail attachments from unknown sender
Avoid doing financial transaction with public Wi Fi connection
Do not respond to unsolicited sales, marketing or outreach messages
Do not store bank account number or PIN on mobile
Verify the identity of caller and always be suspicious of any person asking for personal or financial details over phone
Always verify the authenticity of e-Commerce websites before performing the transactions
Mobile PIN and UPI PIN should be different and random
Do not call on phone numbers that are provided in online ads, pop up window, email etc.
Enable SMS alert on your account to get regular updates
Be alert while performing transaction in ATM or POS Machine. Cover the keypad while entering the PIN
IF FRAUD HAPPENS
Where fraud happens, customers should immediately change their passwords, block the cards and report the incident to the financial institution or organisation. They should also report the same to the cybercrime authorities at cybercrime.gov.in or call on 1930.
