SIM Swap
Under SIM Swap, fraudsters manage to get a new SIM card issued against your registered mobile number through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank account.
1. How do fraudsters operate?
- Step – 1 : Fraudsters gather customer’s personal information through Phishing, Vishing, Smishing or any other means.
- Step – 2 : They then approach the mobile operator and get the SIM blocked. After this, they visit the mobile operator`s retail outlet with the fake ID proof posing as the customer.
- Step – 3 : The mobile operator deactivates the genuine SIM card and issues a new one to the fraudster.
- Step – 4 :Fraudster then generates One Time Password (OTP) required to facilitate transactions using the stolen banking information. This OTP is received on the new SIM held by the fraudster.
2. How to protect yourself from fraud?
- If your mobile no. has stopped working for a longer than usual period, enquire with your mobile operator to make sure you haven`t fallen victim to the Scam.
- Register for SMS and Email Alerts to stay informed about the activities in your bank account.
- Regularly check your bank statements and transaction history for any irregularities.
Vishing
Vishing is one such attempt where fraudsters try to seek your personal information like Customer ID, Net Banking password, ATM PIN, OTP, Card expiry date, CVV etc. through a phone call.
1. How do fraudsters operate?
- Step – 1 : The fraudster poses as an employee from the bank or a Government / Financial institution and ask customers for their personal information.
- Step – 2 : They cite varied reasons as to why they need this information. For e.g. reactivation of account, encashing of reward points, sending a new card, linking the Account with Aadhar, etc.
- Step – 3 : These details thus obtained are then used to conduct fraudulent activities/ transactions on the customer’s account without their knowledge.
2. How to protect yourself from fraud?
- Never share any personal information like Customer ID, ATM PIN, OTP etc. over the phone, SMS or email.
- If in doubt, call on the Phone Banking number of your Bank.
Smishing
Smishing is a type of fraud that uses mobile phone text messages to lure victims into calling back on a fraudulent phone number, visiting fraudulent websites or downloading malicious content via phone or web.
1. How do fraudsters operate?
- Step – 1 : Fraudsters send SMS intimating customer’s of prize money, lottery, job offers etc. and requesting them to share their Card or Account credentials.
- Step – 2 : Unaware, the customer’s follow instructions to visit a website, call a phone number or download malicious content.
- Step – 3 : Details thus shared with the person who initiated the SMS are then used to conduct fraudulent transactions on customer’s account, causing them financial loss.
2. How to protect yourself from fraud?
- Never share your personal information or financial information via SMS, call or email.
- Do not follow the instructions as mentioned in SMS sent from un-trusted source, delete such SMS instantly.
Phishing
What do you do when you come across emails that seem suspicious? Phishing is a type of fraud that involves stealing personal information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. through emails that appear to be from a legitimate source. Nowadays, phishers also use phone (voice phishing) and SMS (Smishing).
1. How do fraudsters operate?
- Fraudsters pose as Bank officials and send fake emails to customers, asking them to urgently verify or update their account information by clicking on a link in the email.
- Clicking on the link diverts the customer to a fake website that looks like the official Bank website – with a web form to fill in his/her personal information.
- Information so acquired is then used to conduct fraudulent transactions on the customer’s account.
2. How to protect yourself from fraud?
- Verify the URL of the webpage. The ‘s’ at the end of ‘https://’ stands for ‘secure’ - meaning the page is secured with an encryption. Most fake web addresses start with ‘http://’. Beware of such websites!
- Check the Padlock symbol. This depicts the existence of a security certificate, also called the digital certificate for that website.
Establish the authenticity of the website by verifying its digital certificate. To do so, go to File > Properties > Certificates or double click on the Padlock symbol at the upper right or bottom corner of your browser window.How to protect yourself from Phishing:
- Always check the web address carefully
- For logging in, always type the website address in your web browser address bar.
- Always check for the Padlock icon at the upper or bottom right corner of the webpage to be ‘On’.
- Install the latest anti-virus/anti spyware/firewall/security patches on your computer or mobile phones.
- Always use non-admin user ID for routine work on your computer.
- DO NOT click on any suspicious link in your email.
- DO NOT provide any confidential information via email, even if the request seems to be from authorities like Income Tax Department, Visa or MasterCard etc.
- DO NOT open unexpected email attachments or instant message download links.
- DO NOT access Net Banking or make payments using your Credit/Debit Card from computers in public places like cyber cafés or even from unprotected mobile phones.
Money Mule
Money Mule is a term used to describe innocent victims who are duped by fraudsters into laundering stolen/illegal money via their bank account(s). When such incidents are reported, the money mule becomes the target of police investigations, due to their involvement.
1. How do fraudsters operate?
- Step – 1 : Fraudsters contact customers via emails, chat rooms, job websites or blogs, and convince them to receive money into their bank accounts, in exchange of attractive commissions.
- Step – 2 : The fraudsters then transfer the illegal money into the money mule’s account.
- Step – 3 : The money mule is then directed to transfer the money to another money mule’s account – starting a chain that ultimately results in the money getting transferred to the fraudster’s account.
- When such frauds are reported, the money mule becomes the target of police investigations
2. How to protect yourself from fraud?
- Do not respond to emails asking for your bank account details.
- For any overseas job offer, first confirm the identity and contact details of the employing company.
- Do not get carried away by attractive offers/commissions or consent to receive unauthorized money
Trojan
A Trojan is a harmful piece of software that users are typically tricked into loading and executing on their computers. After it is installed and activated, Trojan attacks the computer leading to deletion of files, data theft, or activation/spread of viruses. Trojans can also create back doors to give access to hackers.
1. How do fraudsters operate?
- Step – 1 : Fraudsters use spamming techniques to send e-mails to numerous unsuspecting people.
- Step – 2 : Customers who open or download the attachment in these emails get their computers infected.
- Step – 3 : When the customer performs account/card related transactions, the Trojan steals personal information and sends them to fraudsters.
- These details will then be used to conduct fraudulent transactions on the customer’s account.
2. How to protect yourself from fraud?
- Never open e-mails or download attachments from unknown senders. Simply delete such emails.
- Installing antivirus helps. It scans every file you download and protects you from malicious files.
- Enable automatic OS updates or download OS patch updates regularly to keep your Operating System patched against known vulnerabilities.
- Install patches from software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan.
- Download and use the latest version of your browser.
- If your computer gets infected with a Trojan, disconnect your Internet connection and remove the files in question with an antivirus program or by reinstalling your operating system.If necessary, get your computer serviced.
Secure Net-Banking Tips
- Keep your Customer ID and password confidential and do not disclose it to anybody.
- Change your password as soon as you receive it by logging into your Net Banking account. Memorize your password, do not write it down anywhere.
- Avoid accessing internet banking from shared computer networks such as cyber cafes or public Wifi network like hotel/airport etc.
- Do not click on links in the emails or sites other than the genuine net banking site of your Bank to access your Net Banking webpage.
- Always visit the Bank`s Net Banking site through Bank`s home page by typing the bank`s website address on to the browser`s address bar.
- Always verify the authenticity of the Bank`s Net Banking webpage by checking its URL and the PAD Lock symbol at the bottom corner of the browser.
- Disable "Auto Complete" feature on your browser.
- Uncheck "User names and passwords on forms", click on "Clear Passwords".
- Click "OK".
- Use virtual keyboard feature while logging into your internet banking account.
- Do cross check your last login information available on Net Banking upon every login to ascertain your last login and monitor any unauthorized logins.
- Always type in your confidential account information. Do not copy paste it.
- Monitor your transactions regularly. Use Bank`s Alerts service and bring any fraudulent transaction to the notice of the bank.
- Always logout when you exit Net Banking. Do not directly close the browser.
Secure ATM Banking
- Memorize your PIN. Do not write it down anywhere, and certainly never on the card itself.
- Do not share your PIN or card with anyone including Bank employees, not even your friends or family. Change your PIN regularly.
- Stand close to the ATM machine and use your body and hand to shield the keypad as you enter the PIN. Beware of strangers around the ATM who try to engage you in any conversation.
- Do not take help from strangers for using the ATM card or handling your cash.
- Do not conduct any transaction if you find any unusual device connected to your ATM machine.
- Press the `Cancel` key and wait for the welcome screen before moving away from the ATM. Remember to take your card and transaction slip with you.
- If you get a transaction slip, shred it immediately after use if not needed.
- If your ATM card is lost or stolen, report it to your bank immediately.
- When you deposit a cheque or card into your ATM, check the credit entry in your account after a couple of days. If there is any discrepancy, report it to your bank.
- Register your mobile number with the Bank to get alerts for your transactions.
- If your card gets stuck in the ATM, or if cash is not dispensed after you keying in a transaction, call your bank immediately.
- If you have any complaint about your ATM/Debit/Credit card transaction at an ATM, you must take it up with the bank.
Secure Phone Banking
While talking to the Phone Banking officer, never disclose the following:
- 4 digit ATM/IVR PIN.
- OTP.
- Net Banking password.
- CVV (Card Verification Value).
- Ensure that no one sees you entering you PIN (personal identification number).
- Avoid giving verification details to the Phone Banking officer while in public places.
- The Phone Banking channel is meant to be used by the account holder only. Do not transfer the line or hand over the phone to any other person after you complete self-authentication.
Secure Online Shopping tips
- Always shop or make payments through trusted/reputed websites.
- Do not click on links in emails. Always type the URL in the address bar of the browser.
- Before entering your private details, always check the URL of the site you are on!
- If you are a frequent online shopper, signup for Verify by Visa and Master Card secure code program.
- Check your account statements regularly and bring any fraudulent transaction to the notice of the bank.
- Check for PAD LOCK symbol on the webpage before starting to transact.
- Do not click on links in emails or on referral websites to visit the online shopping site. Always type the URL in the address bar.
- Do not enter your confidential account information such as Credit Card Numbers, Expiry Date, CVV values, etc. on any pop-up windows.
- Use One Time Password (OTP) received on the mobile phone instead of static Visa and Master Card secure code password as OTP are more secure.