RBI Ombudsman issues advisory to check frauds

There has been a sizable surge in the usage of digital modes of payment in recent years, leading to improved customer convenience and inching towards the national objective of financial inclusion. However, while this has improved the ease of doing financial transactions, the number of frauds in retail financial transactions has coincidentally also gone up. Concerned, the RBI Ombudsman has issued an advisory called “BE (A)WARE”. A report by Tehelka Bureau

Most of the time, customers enter secure credentials after just glancing at and clicking on the link, without checking the detailed URL. When customers enter secure credentials on these websites, they are captured and used by the fraudsters. The RBI says that one should not click unknown links and should delete the SMS or email immediately to avoid accessing them in future. Fraudsters have been using innovative methods to defraud common and gullible people of their hard-earned money, especially new entrants who are not entirely familiar with the techno-financial eco-system. The RBI has found that the phishing-link modus operandi of fraudsters is to create a third-party website which looks like an existing genuine website, such as a bank’s website or e-commerce website or search engine, etc.

Imposters also call or approach customers by telephone or social media posing as bankers/company executives/insurance agents/government officials, etc., and seek confirmation of the secure credentials after sharing a few details such as name or date of birth to gain confidence. These credentials are then used to defraud the customers; as such, they should never be shared.

Then there are frauds using online selling platforms. Fraudsters pretend to be buyers on online selling platforms and show interest in your product. Instead of paying money to you, they use the “request money” option in a UPI app and insist that you approve the request, which pulls money from your bank account. Always remember: to receive money, there is no need to enter your PIN/password anywhere. If UPI or any other app asks you to enter your PIN to complete a transaction, it means you will end up sending money instead of receiving it.

Then there is the ATM card skimming modus operandi. Fraudsters install skimming devices in ATM machines and steal data from your card. The PIN is also captured by installing a dummy keypad or a small/pinhole camera which is well hidden from plain sight. Sometimes, fraudsters pretend to be other customers standing nearby and gain access to your PIN while you enter it. This data is then used to create a duplicate card and withdraw money from the customer’s account. One should verify that there is no extra device attached near the card insertion slot or keypad of the ATM machine while making a transaction. Cover the keypad with your hand while entering your PIN. Do not enter the PIN in the presence of any other person standing close to you or share the card with anyone.

Sometimes, the fraudsters trick you into downloading screen sharing apps through which they can watch/control your mobile/laptop to gain access to your financial credentials. These people also use the trick of SIM swap/SIM cloning. As most account details and authentication are connected to your registered mobile number, fraudsters try to gain access to the SIM card or obtain a duplicate SIM card for carrying out digital transactions using the OTP received on such a duplicate SIM. The RBI suggests that one should never share credentials pertaining to the SIM card.

It has been observed that customers use search engines for obtaining contact details of their bank, insurance company, Aadhaar updation centres, etc., and may end up contacting unknown/unverified contact numbers displayed on the search engine. These contact details on search engines are often camouflaged by fraudsters to attract their victims towards them. Once the customers call them, the imposters ask the customers to give their card credentials/details for verification. Assuming this contact to be genuine, people compromise all their secure details and thus fall prey to frauds. The RBI advisory says “Avoid searching for customer care contact details on search engine. These are often camouflaged by fraudsters”.

In some cases, the fraudsters contact customers under various pretexts and trick them into scanning QR codes using payment apps. This allows the fraudsters to withdraw money from the customer’s account. QR codes have account details embedded in them to transfer the amount to a particular account. Such people also create fake accounts on popular social media platforms like Facebook and Instagram. They send a request to your friends asking for money for urgent medical purposes, payments, etc. Always verify the genuineness of a fund request with the friend/relative, or confirm by a phone call/physical meeting, to be sure that the profile is not impersonated.

The fraudsters sometimes outwit gullible people through the juice jacking modus operandi. Juice jacking is a type of cyber stealing where, once your mobile is connected to unknown/unverified charging ports, unknown apps/malware are installed with which the fraudsters can control/access/steal sensitive data, email, SMS and saved passwords. Always avoid using public/unknown charging ports/cables. Sometimes fraudsters send an email or make a phone call claiming that you have just won a huge lottery. The fraudsters ask you to pay taxes upfront or pay the shipping charges, processing fee, etc., to receive the lottery/product. Do not make payments or share secure credentials in response to lottery calls/emails. Always be doubtful when you come across such unbelievable lotteries or offers.

Fake job search portals are created, and when a victim shares secure credentials of a bank account/credit card/debit card on these websites for registration, the account is compromised. In some cases, the fraudsters pose as officials of a reputed company and confirm selection after conducting fake interviews. The victim is incited into making payment for a mandatory training program, etc. Always remember that a genuine company offering a job will never ask for money.

Fraudsters also create fake advertisements for loans at very attractive low rates of interest, with easy repayment options or without any security requirement, etc., and ask the customers to contact them. When customers approach the fraudsters for loans, the fraudsters take various upfront charges like processing fee, GST, intercity charge, advance EMI, un-hold charges, etc., and abscond without disbursing the loans. Please remember that the NBFC/banker will never ask for an advance fee before the processing of a loan application. The banks/NBFCs charge a processing fee, which is deducted from the loan amount.

For Safe Internet Browsing

◆ Avoid visiting unsecured websites.

◆ Avoid using unknown browsers.

◆ Avoid saving passwords on public devices.

◆ Avoid entering secure credentials on unknown websites.

◆ Do not share private information with unknown persons.

◆ Always verify the security of the page in case an email or SMS link redirects you to it.

For Safe Internet Banking

◆ Always use a virtual keyboard on public devices, since keystrokes can also be captured through compromised devices, keyboards, etc.

◆ Log out of the internet banking session immediately after usage.

◆ Update passwords on a periodic basis.

◆ Do not use the same passwords for email and internet banking.

◆ Avoid using public terminals (viz. cyber café, etc.) for financial transactions.

For Password Security

◆ Use a combination of alphanumeric and special characters in your password.

◆ Keep two-factor authentication enabled for all your accounts if the facility is available.

◆ Change passwords periodically.