Population at risk of cyber crime is much bigger. While the government has sharpened its focus Vikaas M Sachdeva, CEO of a well-known asset management company, was in a rude shock the other day. Upon waking up, he found out his entire Paytm balance of over Rs 5,000 got transferred to an entity called Balaji Juice Centre around midnight while he was asleep at home. And this happened without his knowledge. This is just one of the thousands of cases where cyber fraudsters use tricks to steal your hard-earned money. The cybercriminals can use high-tech gadgets to fool you, impersonate someone else so that you disclose information. The online cheaters simply try to send you emails/ SMSes so that you are compelled to reply and share information. With Internet access present in a large number of phones in our country, today the all those who use credit or debit cards or electronic wallets or net banking are prone to risk of cyber crime. Customers of banks, unknowingly on many occasions, often exposed to fraudsters as they use several tools to snatch information about you.
With 'Digital India' encouraging digital banking across the country, cyber crime is also alarmingly expanding. Unfortunately, the general public has not been educated enough on the various risks involved in online transactions. Let us have a closer look at different types of cyber frauds and tell you how can you avoid falling prey. Read on.
Frauds in banking
In 2017-18, there were over 2,000 cases of card/ internet fraud reported. This formed 34.8 per cent of fraud cases. The amount involved in card/ internet fraud was about Rs 110 crore. While the RBI has asked banks to prepare robust IT systems, the fact of the matter is that cyber attacks and cyber frauds continue to happen. The high profile cyber-attacks, theft of customer information and fraudulent use of net banking and skimming of debit/credit cards show that sometimes the customer unknowingly exposes himself/herself to a potential fraudster.
The RBI says that data on frauds are currently collected from payment system operators. "There is a need to monitor the types of frauds that may be taking place in various payment systems in order to further strengthen the confidence in the payment systems and minimize instances of fraud. Accordingly, a comprehensive framework for the collection of data on frauds in payment systems would be drawn up in consultation with the industry," the banking regulator said in its 2018-19 annual report.
The Reserve Bank of India (RBI) had earlier limited customer liability for unauthorized electronic banking transactions carried through Scheduled Commercial Banks (including RRBs), small finance banks, payment banks, co-operative banks, and non-bank credit card issuers. This framework was extended to unauthorized electronic payment transactions involving Prepaid Payment Instruments (PPIs), issued by authorized non-bank PPI issuers with effect from March 1, 2019. These guidelines prescribe the limits up to which a customer may bear liability against contributory frauds, negligence/ deficiency on part of non-bank PPI issuer, third party breach where the deficiency lies with neither the issuer nor the customer, and scenarios in which the loss is due to the negligence of the customer. It specifies the time limit for reporting unauthorized electronic transactions and prescribes the liability accordingly.
Different types of frauds
Identity Theft: This is a fraud that could leave you without any funds in a matter of minutes. Identity theft occurs when someone wrongfully uses your personal information to obtain credit, loans, and services in your name. How do fraudsters operate? They try to gather customer’s details through Phishing, Vishing, Smishing or any other means. Next, they call customers and try to collect details by posing as bank staff, RBI staff, some government agency staff or some other name. Some fraudsters might even visit customers with a fake card and might swap it with the live card of the customer, without their knowledge.
How to protect yourself?
Number one rule is to destroy any piece of paper holding details of your identity. Two, no sharing of information. Never share your personal information with a stranger or any third party, posing as any representative. Three, update your official records whenever you change your contact numbers, address or email ID.
Phishing: This is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. With WhatsApp and Facebook channels, today cyber fraudsters can phish almost anyone. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. Ultimately, phishing leads to unauthorized purchases, the stealing of funds, or identify theft.
How to protect yourself? Number one rule is do not believe anybody easily. Always be suspicious. The fraudster can pose as an employee from a bank or a government or reputed financial institution (like LIC) or even regulators (like SEBI, RBI, PFRDA, IRDAI, etc.) and ask customers for their personal information. Number 2 you should always tell them you will verify their credentials and call them back. The fraudster uses their tools and skills to force you to share information immediately. Do not fall for this trick. If they say that 'the information' is needed for reactivation of account, encashing of reward points, sending a new card, etc., tell them you will yourself check it up with the organization concerned. If you get messages or SMSes, check with the company concerned yourself by preferably visiting the place. If you are physically not very active, ask somebody you know to visit the place on their own.
Vishing: Vishing stands for phishing with 'Voice' (V). The Modus Operandi here is a phone call, followed by attempts to force you to share information. This is a type of fraud where fraudsters try to seek your personal information like Customer ID, Net Banking password, ATM PIN, OTP, Card expiry date, CVV, etc. through a phone call. In the case of emails, messages, etc. you have to be online to share such information. In case of Vishing, any person who is at a phone call can be targetted. In most cases, the fraudsters will try to convince you that if you share the information there will be an instant benefit such as account re-activation, prize, cashback, rewards, etc.
Measures to avoid online cheaters
How to protect yourself? It is very easy to avoid being the target of Vishing. Do not give any details. Never share any personal information like Customer ID, ATM PIN, OTP, etc. over the phone, SMS or email. If in doubt, call official concerned at the company or call centre. Do not search for the call centre number on the internet. Try to look at the documents given by the company when you purchased or used the service. The contact numbers should be printed in one of the documents.
Email spoofs: Have you ever received a suspicious-looking email? It could be an email spoof. In this type of fraud, the fraudster sends an impersonation e-mail claiming to be an established legitimate business entity in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information. How does the fraudster get the information? Victims share the information! This usually happens after the spoofed email is sent to you and you visit the specified website by clicking on that email. The website, however, is not genuine and was set up only as an attempt to steal the user's information. Do remember such websites look very authentic and may use the official logo, etc.
How to protect yourself? If you get an email from a company or a person asking for any information, ignore it. If you want to confirm whether the email is authentic, call up the company concerned or visit their branch. Verify that the email was indeed sent by them and find out what is the purpose of sending the email. Email spoofs are one of the most popular ways used by fraudsters. So, beware of such emails, which can also come in the form of messages, etc.
ATM card fraud: A new type of fraud is targetting ATM card users. In this, the Modus Operandi is the ATM itself. Criminals attach a device inside of an ATM. So, when you walk into the ATM, the device captures your finger movements on ATM. The malicious device can even record a video of the ATM transaction. Thus, your card PIN is known by the fraudsters. This is part-1 of the fraud. And the Part 2 of the fraud is also facilitated by an illegal device attached to the ATM. As you slide your credit or debit card into a compromised ATM machine, a card skimmer reads the magnetic strip on your card and stores the card number. Your PIN has already been captured. Sometimes, fraudsters use a fake keypad that is placed over the real ATM keypad. In this way, fraudsters collect such information and usually sell them online.
How to avoid it? You’re most likely to see these devices at gas pumps, ATMs. If your card leaves your sight at a restaurant or department store, an employee could use a skimmer to get your card info as well. So, do not use your card at any unknown location whatever be the need. Try to pay by cash at unknown locations. If you are suspicious about an ATM or card reader machine, it is best to avoid using your card there.
Basic tricks that can save you
Many people avoid being defrauded by simply being cautious when making online transactions. They are very careful when using debit/ credit cards at retail outlets or petrol pumps.
Just like you will not talk to strangers, use shopping or banking websites or apps only on a device that belongs to you. Totally avoid using a friend’s phone, a public computer, a cyber cafe or free Wi-Fi for sensitive browsing. Remember, that the fraudsters today require data, which can be stolen or copied.
Remember that even if you delete data from your device, it can still be recovered using high-tech tools. So, be careful when giving your device such as mobile or laptop for servicing or repairing or at the time of selling. Delete all the data and restore the device to its factory settings before handing it over.
In terms of safe banking practices, consumers can insulate themselves against financial fraud risks by ensuring passwords are changed regularly. Always make passwords complex and unique. If there is a facility to enable a two-step authentication process and real-time alerts, activate them.
Consumer frauds too gaining pace
It's not always easy to spot con artists. They're smart, extremely persuasive, and aggressive. They invade your home by telephone and email, etc. Most people think they're too smart to fall for a scam. But, con artists rob all kinds of people - from investment counselors and doctors to teenagers and elderly widows - of crores of rupees every year.
The best way to identify fraud is simple. If it sounds too good to be true, it probably is. The moment you realize you are a victim of fraud, report it to the police, your city or state consumer protection office, or a consumer advocacy group.
According to various police officials, there are certain tips to stop credit card fraud when buying online:
1. Make sure your web browser is set to the highest level of security notification and monitoring. These options are not always automatically activated when your computer is set-up, so check your manual or the 'Help' option.
2. Check whether you are using a recent version of your web-browser as they often include better security features - up-to-date versions can be downloaded free from the Microsoft or Netscape websites.
3. Before purchasing from a website, make a record of the retailer's contact details, including the street address and landline phone number. If these details are not available on the website, consider going elsewhere to buy, do not rely on the e-mail address alone.
4. Do not enter personal details unless the security icon is displayed (this is a small padlock that normally appears at the bottom of your browser when you begin your transaction over the Internet). You can click on the padlock to see if the retailer has an encryption certificate. This should explain the type and extent of security and encryption it uses. Only use companies that have an encryption certificate and use secure transaction technology. The address of the page where you enter personal details should also start with https://.
5. If you have any queries or concerns, call the company before giving them your card details to reassure yourself that it is legitimate.
6. Print out your order and consider keeping copies of the retailer's terms and conditions and returns policy. Be aware that there may well be additional charges such as postage and taxes. When buying from overseas always err on the side of caution and remember that it may be difficult to seek redress if problems arise.
7. Check statements from your bank or card issuer carefully as soon as you receive them. Raise any discrepancies with the retailer concerned in the first instance. If you find any transaction on your statement that you are certain you did not make, contact your card issuer immediately.
8. Ensure that you are fully aware of any payment commitments you are entering into, including whether you are instructing a single payment or a series of payments.
9. Never disclose your card's PIN number to anyone, including people claiming to be from your bank or the police, and never write it down or send it over the Internet.
10. If you have any doubts about using your card, find another method of payment.
(The writer is a journalist with 14 years of experience)