Global user preferences and activities in banking are changing as a result of the Covid-19 pandemic. The use of digital banking increased significantly at almost all banks, both big and small. Even more so, especially among the older cohorts, the pandemic encouraged many people to use mobile banking for the first time. It is convenient to check the status of our accounts, pay our bills, transfer money, and withdraw cash from ATMs easily, thanks to mobile banking.

However, as the use of digital banking increases, it also provides opportunities for many fraudsters to find weaknesses and deceive users in various ways. Fraudsters may exploit security gaps in banking, as they expand to new digital channels, leading to hefty compliance fines or data loss. Many people are falling for these con games that steal their hard-earned cash and expose their private information. Due to increase in use of contactless payment mediums, cybercrimes are on the rise. Some of the most reported cybercrimes are malware attack, phishing, OTP scams and fake UPI links.

In May 2022, the government received at least 61,100 reports of digital payments fraud, according to data from the cybercrime section. Over half of these complaints involved UPI scams.

To understand better, we’ve listed below a few prevalent forms of online banking frauds that we all need to be aware of:

1. Malware attack:

Malwares are malicious software which are designed to attack and cause damage to the operating system of the device in which they are installed… Fraudsters are then able to access confidential banking information which is further misused for withdrawal of money from the victim’s bank account.


It’s an effort to “fish” for confidential banking information. Phishing may involve an email that alleges to be from a well-known entity, such as a bank, or a trusted website. Please be aware that banks will never request private information like a password for a transaction or login, an OTP, or anything similar.

3. Spear Phishing:

This is a targeted phishing attempt delivered by email that not only looks to be from a reliable source but also frequently originates from a co-worker, boss, or a close relative. The users are urged to click on malicious links or attachments in the email. It is a tactic used by fraudsters to get users to reveal their sensitive information such as login credentials or personal details or else to infect the user’s device with malware.

4. Website Spoofing:

The act of building a fake website with the goal to commit fraud is known as website spoofing. Phishers exploit the names, logos, pictures, and even the website’s code to make spoof sites appear authentic.

5. Vishing:

This is a scammer’s attempt to obtain sensitive information such as user name, login and transaction passwords, one-time passwords (OTPs), URNs (unique registration numbers), card PINs, grid card values, CVVs, or any personal information like birthdate or mother’s maiden name through a phone call. Fraudsters call users and pose as bank representatives in an effort to deceive them into giving their personal and financial information.

6. Skimming:

By reading the magnetic strip on the back of a credit/debit/ATM card, fraudsters can obtain information from the card. In the card slot of ATMs or merchant payment terminals, they hide a small gadget called as skimmer. This “skimmer” reads the card information and records it. Fraudsters might also use a tiny, carefully placed camera to record the PIN.

7. Smishing:

It combines phishing with short messaging service (SMS/text messaging). Cell phone users receive messages stating that their accounts are past due, need to be updated, or directing them to sign up for a new scheme. This scam takes advantage of toll-free phone numbers and links in the message. Fraudsters trick users into clicking on phishing links sent in the message where confidential details of the user are compromised.

8. SIM Swap:

Under this, a fraudster is successful in using your registered mobile number to obtain a new SIM card from the mobile service provider. The fraudster receives the OTP and alerts that are needed, to conduct financial transactions through your bank account with the help of the new SIM card.

As users, how can we safeguard ourselves from digital banking fraud?

It’s sometimes not easy to detect cyber frauds, even while it is happening to us. But what we can do is stay cautious and aware. Here are 10 ways to stay alert.

  1. Not every app is safe. Only install approved and well recognised applications
  2. If your card has been lost or stolen, have it blocked right away
  3. Always keep your phone’s and computer’s security software up to date
  4. Never share any of your private information to a stranger or third party
  5. Avoid unsafe websites, and only visit reputable ones
  6. Instead of using unsecure public Wi-Fi, use secure internet connections
  7. Utilize your card with caution. Verify that the card reader is a real device
  8. Do not reply to telemarketers’ calls, emails, or messages
  9. Never allow anyone remote access to your laptop or PC
  10. Avoid clicking on any unreliable links, images, or links to illegitimate contests

RBL Bank creatively conveys the message of cyber safety

RBL Bank has always been at the forefront to make our digital ecosystem completely safe and secure. We launched the #RahoCyberSafe series of consumer awareness videos to inform people about online banking frauds. The intention was to draw attention to the increase in internet fraud schemes and tactics. Scammers encourage victims to react without thinking. Here are some examples of when we warned users.

RBL’s Fraud Awareness Campaign

Instance 1: You get a call from an unknown number and they tell you that today is the last day to update KYC details. The caller also suggests that for security reasons, you need to download AnyDesk on your phone and then enter the KYC details. That’s a sign of a cyberscam – Banks, including RBL Bank, never ask any user to download unknown links. So, India, stay safe, and #RahoCyberSafe. Watch this video


Instance 2: You get an unknown call where the caller says that you have won a bike from the bank’s side. Then the caller also asks to message some code from your registered mobile number. Also, asks to SMS right away and confirm your UPI MPIN. Remember, any bank, including RBL Bank, will never ask users to SMS a code. So, India, stay safe, and #RahoCyberSafe. Watch this video


Instance 3: You get an email specifying a bank alert with a link attached. The link also mentions sending your account details. That’s a sign of a cyber-scam. Banks, including RBL Bank, never ask to share your account details via email or SMS. So, India, stay safe, and #RahoCyberSafe. Watch this video


Instance 4: You get a call specifying that your credit card limit has been extended to a particular amount. The caller also asks you to confirm the 16-digit number on your credit card and the 3-digit number on the card’s backside. That’s a scam sign! Beware, that any bank, including RBL Bank, will never ask users to send a user’s credit card or CVV number. So, India, stay safe, and #RahoCyberSafe. Watch this video


Get started in the world of hassle-free digital banking. Check out the multiple offers and offerings of RBL Bank – Apno ka Bank.

If you have been a victim, you can register a complaint immediately by dialing 1930 or visit the National Cybercrime Reporting Portal.