During the COVID-19-induced lockdowns, digital modes of payment have seen a lot of traction. Customers benefit from digital payments because they make financial transactions easier. However, this has also invited many fraudsters to exploit gaps and dupe customers in different ways. To make banking customers aware of digital payments-related frauds, the Reserve Bank of India (RBI) has released a booklet that throws light on the modus operandi of such scamsters and on the precautions customers should take before making financial transactions.
1. How does phishing work
Fraudsters create a phishing website that appears to be a legitimate website, such as a bank’s website, an e-commerce website, a search engine, and so on. Fraudsters distribute links to these websites by SMS, social media, email, and Instant Messenger, among other methods.
Many clients click on the link without first checking the Uniform Resource Locator (URL) and enter security credentials such as a Personal Identification Number (PIN), One Time Password (OTP), Password, and so on, which are collected and utilised by fraudsters.
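As an added illustration (not from the RBI booklet or the original article), the URL check that customers skip in the scenario above can be sketched as follows. The verified-host list, the function name and all sample hostnames are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: hosts the customer has verified out of band (for example from
# the bank's printed material). "bank.example" is a placeholder, not a real bank.
TRUSTED_HOSTS = {"bank.example", "netbanking.bank.example"}


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link received by SMS, email or chat."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # https://bank.example@other.test/ really goes to other.test
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host (lookalike characters)"
    if host not in trusted:
        # Exact match only: bank.example.login.test is NOT bank.example
        return False, f"host '{host}' is not on the verified list"
    return True, "host matches a verified entry"


# Constructed sample links, as they might appear in a message.
SAMPLE_LINKS = [
    "https://netbanking.bank.example/login",
    "https://bank.example@pay.test/login",
    "https://bank.example.secure-login.test/otp",
    "http://bank.example/login",
    "https://xn--bnk-example.test/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link)
        print("OK  " if ok else "STOP", link, "->", reason)
```

Only the first sample passes; the others show the usual disguises, namely a trusted name placed before `@`, a trusted name used as a subdomain of another site, plain `http`, and an encoded lookalike host.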
2. How does vishing work
Imposters acting as bankers, firm executives, insurance agents, government officials, and others call or approach customers over the phone or over social media. Imposters disclose a few consumer facts, such as the customer’s name or date of birth, to win trust.
Imposters may pressure or trick customers into sharing confidential information such as passwords, OTPs, PINs, and Card Verification Values (CVVs) by citing an urgency / emergency such as the need to block an unauthorised transaction, payment required to avoid a penalty, or an attractive discount, among other things. Customers are then defrauded using these credentials.
3. Frauds using online sales platforms
On online sales platforms, fraudsters pose as purchasers and express an interest in the seller’s product(s). Several fraudsters pose as defence personnel stationed in remote regions to gain trust.
Instead of paying the seller, they use the Unified Payments Interface (UPI) app’s “request money” option and demand that the seller authorise the request by entering the UPI PIN. Money is transferred to the fraudster’s account whenever the seller inputs the PIN.
4. Frauds due to the use of unknown/unverified mobile apps
According to the RBI, fraudsters circulate app links through SMS, email, social media, Instant Messenger, etc., masked to appear similar to the existing apps of authorised entities. Fraudsters trick the customer into clicking such links, which results in unknown / unverified apps being downloaded to the customer’s mobile, laptop, desktop, etc.
Once the malicious application is downloaded, the fraudster gains complete access to the customer’s device. This includes confidential details stored on the device and messages / OTPs received before / after installation of such apps.
5. ATM card skimming
Skimming devices are installed in ATM machines by fraudsters who take data from the customer’s card. According to the RBI release, “Fraudsters may also install a dummy keypad or a small / pinhole camera, well-hidden from plain sight to capture ATM PIN. Sometimes, fraudsters pretending to be other customer standing near-by gain access to the PIN when the customer enters it in an ATM machine. This data is then used to create a duplicate card and withdraw money from the customer’s account.”
6. Frauds using screen sharing app / Remote access
The RBI warns customers, describing the procedure: “Fraudsters trick the customer to download a screen-sharing app. Using such an app, the fraudsters can watch/control the customer’s mobile / laptop and gain access to the financial credentials of the customer. Fraudsters use this information to carry out unauthorised transfer of funds or make payments using the customer’s Internet banking/payment apps.”
7. SIM swap or SIM cloning
In cases like SIM swap or SIM cloning, “Fraudsters may obtain a duplicate Subscriber Identity Module (SIM) card (including electronic-SIM) for the registered mobile number linked to the customer’s bank account by gaining access to the customer’s Subscriber Identity Module (SIM) card,” states RBI.
Fraudsters use the OTP received on such a duplicate SIM to carry out unauthorised transactions. Fraudsters generally collect personal / identity details from the customer by posing as telephone / mobile network staff and requesting the details in the name of offers, such as a free upgrade of the SIM card from 3G to 4G or additional benefits on the SIM card.
8. Frauds by compromising credentials on results through search engines
Customers use search engines to find contact information for their bank, insurance company, Aadhaar updation centre, and other businesses. Scammers frequently modify these contact details on search engines so that they appear to belong to the respective entity.
“Customers may end up contacting unknown/unverified contact numbers of the fraudsters displayed as bank/company’s contact numbers on search engine. Once the customers call on these contact numbers, the imposters ask the customers to share their card credentials/details for verification. Assuming the fraudster to be a genuine representative of the RE, customers share their security details and thus fall prey to frauds,” the RBI states in its booklet.
9. Scam through QR code scan
The RBI explained how the QR code scam works: “Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the apps on the customers’ phone. By scanning such QR codes, customers may unknowingly authorise the fraudsters to withdraw money from their account.”
With many people spending time on social media and updating their details there, it has become easy for fraudsters to obtain details with which to dupe people. As per the RBI booklet, “Fraudsters create fake accounts using details of the users of social media platforms such as Facebook, Instagram, Twitter, etc. Fraudsters then send a request to the users’ friends asking for money for urgent medical purposes, payments, etc. Fraudsters, using fake details, also contact users and gain users’ trust over a period of time. When the users share their personal or private information, the fraudsters use such information to blackmail or extort money from the users.”