Amid the COVID-19 pandemic, digital payment methods gained popularity. Both banks and customers embraced the new normal by going fully digital with their banking needs. However, this phenomenal growth also led to a drastic jump in the number of fraudsters reinventing ways to make use of loopholes and scam the unsuspecting victims. To raise awareness among banking customers and to nip frauds in the bud, the Reserve Bank of India (RBI) has taken several steps, including the launch of the Early Warning System (EWS) framework, a dedicated Market Intelligence (MI) Unit for frauds, and a governance and response system for frauds.
RBL Bank, in an effort to educate its customers, has put together a list of various types of frauds that are currently prevalent in the country. While this list is not exhaustive, it sheds light on the most common types that all customers should be aware of.
Fraud Through UPI
1) UPI PIN Phishing, and
2) Request money fraud
In a UPI PIN phishing scam payment links are sent by fraudsters through an SMS. These payment links are created to defraud users which look similar to original payment gateway URLs. After clicking on such links users are directed to the UPI payment app installed on their phone where upon giving permission by entering their UPI PIN the amount is debited from their bank account immediately. In another type of UPI fraud, fraudsters share picture of QR code on social media platforms like WhatsApp, Instagram and Facebook where they ask users to scan the code, enter an amount, and enter their UPI PIN to receive free cash rewards in their bank account. Alternatively, fraudsters also use apps which allow them to send a QR code with a pre-populated amount asking users to just enter their UPI PIN. In such instances as soon as users enter their UPI PIN the amount is debited from their bank account immediately.
Fraud Through Telecallers
Telecaller Fraud is increasingly becoming a threat. Fraudsters claim to be bank officials calling with a pretext that may include debit card issues, insufficient balance, or a claim of suspicious activity in the customer’s account. After establishing authority and raising enough panic in a customer’s mind, they ask for sensitive banking details like full account number, ATM card number, PIN, OTP, or even online banking credentials. This phishing act allows the fraudsters an unbridled access to the customer’s account, and they can make transactions on the customer’s behalf. In instances like this, it is important to be vigilant, not share any sensitive details with any strangers on phone, and know good banking practices to #RahoCyberSafe.
Fraud Through KYC
KYC Fraud is another type of phishing scam to collect personal information about the customer. By impersonating a banking official, fraudsters can claim incomplete KYC documents, threaten repercussions like blocking of an account or penalties, and request sensitive information such as PAN number, Aadhar number, address proof copies, OTP, etc. These details can be used against the customer to access their bank account and steal money. This fraud can happen through emails or phone calls. It is important to know that no Bank or Government official will ever ask for sensitive banking information over phone calls and emails.
Fraud Through Emails
“You have won $50,00,00,000! Click here to claim all of it!”
“My son suffers from a rare condition. Please save him with a small contribution.”
“Save the farmers in Nigeria!”
Everyone has received at least one email that tries to lure the reader into clicking a link in the mail. Email Fraud is not just a problem for individuals; many businesses have also fallen victim to phishing emails trying to take advantage of the uninformed. These mails can either send a virus to the system and hack or take the user to a malicious site to gain access to their bank accounts. There are times when such emails lead to a landing page that is highly similar to a social media or an existing website that users are familiar with, and tricks them into entering their login details. These details are then used by the fraudsters to access the users’ personal information and steal money. It is highly recommended that one does not click on unknown/unverified links, and always check the URL before submitting personal and sensitive information on any landing page.
Fraud Through ATMs
In ATM Frauds, customers are unwittingly robbed off their debit card number or PIN to gain access to their bank accounts. One of the most unpopular ATM scams involves thieves using counterfeit devices to gain access to the ATM cabin and using a false facade on the front of the machine’s keypad. Inadvertently, the customer who is using the machine shares bank details on this device too, that can be accessed by fraudsters to steal money from the account. In another type of ATM fraud, some fraudsters use ‘cracking’ software programs to swipe data from free-standing ATMs.
Fraud by Cloning Your SIM
SIM Cloning Fraud is an online scamming method in which the fraudsters gain control by creating a duplicate SIM from the original one. With this technique, the fraudster can access the victim’s International Mobile Subscriber Identity (IMSI) and encryption key to track messages, listen to calls, and send texts using the mobile number. By gaining access to the mobile number, the fraudster can impersonate the victim to banks, use a two-factor authentication mechanism to reset passwords, hack financial accounts, and more.
Fraud Through Loans
There are a series of instances in which PAN cardholders have fallen victim to Loan Fraud. The fraudster calls victims and offers easy loans that involve minimal KYC by impersonating a bank official. After obtaining sufficient records to ‘grant’ a loan, fraudsters use them to purchase loans without the holder’s knowledge or permission. While the fraudsters (obviously) do not bother to repay this loan, the unaware PAN cardholder is held responsible. This fraud directly affects the CIBIL score of the cardholder, in addition to leading to financial losses.
Prevention is Always Better than Cure, and #RahoCyberSafe
To avoid being victim of Fraud, it is important to stay vigilant. While there are new ways of scams coming up, certain rules remain unchanged. Here are a few things you can do to stop a fraudster from scamming you.
- Do not share confidential information such as card CVV number and personal information such as Aadhar or PAN number with anyone.
- Remember that there is no need to enter your UPI PIN while receiving money.
- OTPs are only for making payments. Do not enter OTPs from suspicious numbers in website links sent by telecallers.
- In case of claims of suspicious activity in your account, visit your nearest branch to clarify the issue. Do not engage with telecallers claiming to resolve that issue through OTP or submitting personal information.
- Always check email IDs before clicking on any email links. Phishing links can capture personal information.
- If ATM withdrawal was unsuccessful, ensure that you exit the process completely before leaving the booth. Also, inspect the booth for hidden cameras to protect your ATM Pin.
- If you are an avid digital banking user, your phone is the gateway to your account. Do not leave phones unattended in public places to avoid phone cloning or SIM cloning.
- Protect your devices with strong passwords and create unique passwords for digital wallets. Always install the latest security patch in your system.