According to a report by Hindustan Times, India has lost a total of ₹615.39 crores in more than 1.17 lakh cases of online banking frauds from April 2009 to September 2019. The occurrence of these frauds is spread over a decade, but the banking industry is witnessing a significant rise in the number of online banking frauds. According to the RBI’s annual report, the value of bank frauds of Rs. 100,000 and above reported to RBI amounts to Rs. 138422 crores in FY 2021, compared to Rs. 71,500 crores in FY19. As the speed and ease of doing financial transactions through digital payments have improved, the number of frauds in retail financial transactions has also gone up. Some of the typical modi operandi used by fraudsters are listed below.
- Scam through Subsidy offer: According to a newspaper report, the Thrissur City Police Cybercrime department has found a large number of cases in which criminals duped the public in the name of subsidies distributed by the Government through the Postal department. As per the report, the fraudsters created a fake website resembling postal department websites and sent messages through WhatsApp and other social media apps stating that the Government is distributing a Rs. 6000/- subsidy. In order to receive the money, the beneficiaries are asked to confirm their identity by logging in at the attached link and answering the related questions. For mass publicity and public awareness, readers are asked to forward the messages to at least 4 WhatsApp groups or 20 WhatsApp numbers. The message also states that the members who have forwarded the message may win a prize of a large amount or a car. The gullible public may fall into the fraudster’s trap and answer the questionnaire by clicking on such links, which results in the download of unknown/unverified apps onto the customer’s mobile/laptop/desktop, etc. Once the malicious application is downloaded, the fraudster gains complete access to the customer’s device. Fraudsters can watch/control the customer’s mobile/laptop and gain access to the financial credentials of the customer by using such an app. Fraudsters also use this information to carry out unauthorised transfers of funds or make payments using the customer’s Internet banking/payment apps.
- Frauds using online sales platforms: Fraudsters pretend to be buyers on online sales platforms and show an interest in the seller’s products. Many fraudsters pretend to be defence personnel posted in remote locations to gain confidence. Instead of paying money to the seller, they use the “request money” option in the Unified Payments Interface (UPI) app and insist that the seller approve the request by entering the UPI PIN. Once the seller enters the PIN, money is transferred to the fraudster’s account.
- Scam through Credit card reward points: Credit card reward points are offered by almost all card issuers. Many cardholders do not know how to encash reward points. Fraudsters use this to their advantage by offering assistance in redeeming reward points. Typically, fraudsters try to create a sense of urgency by stating that the offer will end soon or that the points are about to expire. After collecting card details, OTP, PIN, CVV number, or other credentials, fraudsters carry out unauthorized transfers from the customer’s card account.
- Frauds due to the use of unknown/unverified mobile apps: Fraudsters create a fake website of a bank/e-commerce company and trick the customer into clicking on links which result in the download of unknown/unverified apps onto the customer’s mobile/laptop/desktop, etc. Once the malicious application is downloaded, the fraudster gains complete access to the customer’s device. This access includes confidential details stored on the device and messages/OTPs received before/after installation of such apps.
- ATM card skimming: ATM card skimming is a way of stealing PINs and other information off credit cards and debit cards. Fraudsters install skimming devices in ATM machines and steal data from the customer’s cards. Sometimes they may install a dummy keypad or a small/pinhole camera, well hidden from plain sight, to capture the ATM PIN. There have also been occasions of strangers pretending to be other customers standing nearby to gain access to the PIN when the customer enters it into an ATM machine. Bank ATMs and payment terminals at petrol pumps and other merchants are the targets of this scam. Thieves then use the stolen information to produce fake cards and spend victims’ money or take cash straight from their bank accounts.
- Screen sharing app/remote access: Customers are fooled into downloading a screen-sharing app. Fraudsters can watch/control the customer’s mobile/laptop and gain access to the financial credentials of the customer by using such an app. Fraudsters also use this information to carry out unauthorised transfers of funds or make payments using the customer’s Internet banking/payment apps.
- Frauds by compromising credentials through search engines: Normally, customers use search engines to obtain contact details/customer care numbers of their bank, insurance company, Aadhaar updating center, etc. These contact details on search engines often do NOT belong to the respective entity but are made to appear as such by fraudsters. When customers call the bank/company using the unknown/unverified contact numbers, the imposters ask them to share their card credentials/details for verification. Assuming the fraudster to be a genuine representative of the Regulated Entity, customers share their security details and thus fall prey to frauds.
- Scam through QR code scan: Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the apps on the customers’ phones. QR codes have account details embedded in them to transfer money to a particular account. By scanning such QR codes, customers may unknowingly authorise the fraudsters to withdraw money from their accounts. QR code scams can also lead you to websites that download malware to obtain information from your phone. That malware can also allow scammers to hold your device hostage and demand payment.
- Impersonation on social media: Fraudsters create fake accounts using details of the users of social media platforms such as Facebook, Instagram, Twitter, etc. They then ask the user’s friends for money for urgent medical purposes, payments, etc. Usually, fraudsters use fake details to contact users and gain users’ trust over a period of time. When the users share their personal or private information, the fraudsters use such information to blackmail or extort money from the users.
- Juice jacking: One should be careful while using public charging ports for one’s mobile phone. The charging port of a mobile can also be used to transfer files/data. Fraudsters use public charging ports to transfer malware to customer phones connected there and take control of, access, or steal sensitive data such as emails, SMS, saved passwords, etc. from the customers’ mobile phones (Juice Jacking).
- Lottery frauds: Fraudsters send emails or make phone calls claiming that a customer has won a huge lottery. In order to receive the money, the beneficiary (victim) is asked to confirm their identity by entering their bank account/credit card details on a website from which the data is captured by the fraudsters. The victim is asked to pay taxes/foreign exchange charges upfront, or to pay shipping charges, processing or handling fees, etc., to receive the lottery product. In some cases, fraudsters may pose as a representative of RBI or a foreign bank, company, or international financial institution and ask the targeted prey to transfer a relatively small amount in order to receive a larger amount in foreign currency from that institution. Since the amount payable is relatively very small, the gullible public may fall into the fraudster’s trap and make the payment.
- Online job frauds: Fraudsters create fake job search websites, and when job seekers share secure credentials of their bank account/credit card/debit card on these websites during registration, their accounts are compromised. The employing company is located in another country. Fraudsters also pose as officials of a reputed company and offer employment after conducting fake interviews. The job seeker is then induced to transfer funds for registration, a mandatory training program, a laptop, etc. Therefore, it is important to know that a genuine company offering a job will never ask for money for offering the job. Job seekers need to confirm the identity and contact details of the employing company, whether the job is offered by a local or an overseas entity. An e-mail address associated with the offer that uses a web-based service (Gmail, Yahoo!, Windows Live, Hotmail, etc.) instead of an organization-based domain is an easy warning sign of fake job search websites.
- Work from home job offer: Through pamphlets and e-mails, fraudsters promise individuals an online job opportunity and high salaries just for working a few hours a day or completing tasks in a given time. Job seekers are asked to register online by paying a fee to avail of the opportunity and receive the ‘job kit’. After the money is deposited, these fraudsters disappear without a trace. Most of the victims of this type of fraud are homemaker women and retired people.
- Money mules: Money Mule is a term used to describe innocent victims who are duped by fraudsters into laundering stolen/illegal money via their bank account(s). Fraudsters contact customers via e-mails, chat rooms, job websites, or blogs and convince them to receive money into their bank accounts in exchange for attractive commissions. The money mule is then directed to transfer the money to another money mule’s account, starting a chain that ultimately results in the money getting transferred to the fraudster’s account. Alternatively, the fraudster may direct the money mule to withdraw cash and hand it over to someone. Money mules are recruited, sometimes unwittingly, by criminals to transfer illegally obtained money between different bank accounts. When such incidents are reported, the money mule becomes the target of police and legal investigations due to their involvement.
- Fake advertisements for extending loans: Fake advertisements are issued by fraudsters offering personal loans at very attractive and low rates of interest, with easy repayment options, or without any requirement of collateral/security, etc. The prospective borrowers receive e-mails asking them to get in contact for loans. The email IDs of the senders look like the IDs of senior officials of well-known/genuine Non-Banking Financial Companies (NBFCs). Fake websites are also created and show up on search engines when people search for information on loans. When borrowers approach them for loans, they are asked to deposit money towards various upfront charges like processing fees, Goods and Services Tax (GST), intercity charge, advance Equated Monthly Installment (EMI), etc., and the fraudsters later abscond without disbursing the loans.
- SMS / Email / Instant Messaging / Call scams: Fraudsters circulate fake messages in instant messaging apps / SMS / social media platforms on attractive loans and use the logo of any known NBFC as the profile picture of the mobile number shared by them to lend credibility. The fraudsters may even share their Aadhaar card / PAN card and a fake NBFC ID card. After sending such bulk messages / SMS / emails, the fraudsters call random people, share fake sanction letters, copies of fake cheques, etc., and demand various charges. Once the borrowers pay these charges, the fraudsters abscond with the money.
- Money circulation / Ponzi / Multi-Level Marketing (MLM) Scheme Fraud: Fraudsters use MLM / Chain Marketing / Pyramid Structure schemes to promise easy or quick money upon enrolment or adding of members to the scheme. They not only promise high returns on your investments but also pay the first few installments (EMI) to gain the confidence of gullible persons and attract more investors through word-of-mouth publicity. To encourage more people to join the chain, they pay a commission to the enroller for the number of people introduced by them to the scheme. This model becomes unsustainable after some time, when the number of persons joining the scheme starts declining. Thereafter, the fraudsters close the scheme and disappear with the money invested by the people till then. Therefore, caution is to be exercised when a scheme offers abnormally high returns consistently. Hence, do not be tempted by promises of high returns offered by entities running Multi-Level Marketing / Chain Marketing / Pyramid Structure schemes; it could be the first sign of potential fraud. Moreover, acceptance of money under Money Circulation / Multi-level Marketing / Pyramid structures is a cognizable offence under the Prize Chits and Money Circulation Schemes (Banning) Act, 1978.
- Deposits with NBFCs: Non-Banking Financial Companies (NBFCs) are permitted to accept deposits from the public only with the permission of RBI. The list of NBFCs eligible to accept deposits is available on the RBI website. If an NBFC’s name does not appear on the list, it is prohibited from accepting deposits from the public. Remember, NBFCs cannot accept deposits for a period of less than 12 months or more than 60 months, and the maximum interest rate that an NBFC can pay to a depositor should not exceed 12.5%. RBI publishes the change in interest rate from time to time on https://rbi.org.in → Sitemap → NBFC List.
- OTP-based Frauds: According to the Karnataka Criminal Investigation Department, there have been a large number of cases in which criminals duped bank customers into revealing OTP or accessed it by hacking their smartphones. Impersonators send messages or SMS to NBFC/bank customers offering loans or enhancement of the credit limit on the customers’ loan accounts, and ask the customers to contact them on a mobile number. When contacted, they ask customers to fill in forms that collect their financial credentials. Customers may be induced or convinced to share the OTP or PIN details, which the fraudsters then use to carry out unauthorized transfers from the customer’s account.
- SIM swap / SIM cloning: Fraudsters have found different ways to bypass the OTP deterrent. Fraudsters gain access to the customer’s Subscriber Identity Module (SIM) card or may obtain a duplicate SIM card (including electronic SIM) for the registered mobile number connected to the customer’s bank account.
Fraudsters can just walk into a customer’s bank, impersonate him, request a change in the registered mobile number linked to the customer’s bank account, use the new connection to receive OTPs for transactions, and carry out unauthorized transfers from the customer’s account.
Another method is for fraudsters to contact mobile operators with fake identity proof and get a duplicate SIM card. The operator deactivates the original SIM, and the criminals generate OTPs on the new number and conduct online transactions. Hence, be watchful regarding mobile network access on your phone. If there is no mobile network on your phone for a considerable amount of time in a regular environment, immediately contact the mobile operator to ensure that no duplicate SIM is being/has been issued for your mobile number.
- Phishing links: Phishing is an e-mail-borne fraudulent attempt to obtain confidential information from the recipient, such as usernames, passwords and credit card details, by disguising oneself as a reliable entity, or to get the recipient to download malware by clicking on a hyperlink in the message. The modus operandi is that fraudsters create a bogus website which looks like an existing genuine website, such as a bank’s website, an e-commerce website or a search engine. Links to these websites are circulated by fraudsters through Short Message Service (SMS) / social media / email / Instant Messenger, etc.
Spear-phishing: Spear-phishing is a fraudulent attempt to steal sensitive information from a specific victim by sending emails, ostensibly from a known or trusted sender, that induce the victim to reveal confidential account information, credentials, or financial information.
- Vishing: Imposters call or approach the customers through telephone call / social media posing as bankers / company executives / insurance agents / government officials, etc. To gain confidence, imposters share a few customer details such as the customer’s name or date of birth. Usually, imposters pressurize / trick customers into sharing confidential details such as passwords / OTP / PIN / Card Verification Value (CVV), etc., by citing an urgency / emergency such as the need to block an unauthorized transaction, a payment required to stop some penalty, an attractive discount, etc. These credentials are then used to defraud the customers.
- Fraudulent loans with forged documents: Frauds have been taking place in the housing, consumer, and retail finance portfolios, perpetrated by unscrupulous borrowers submitting fake/forged/stolen documents to the banks. The most common modus operandi adopted was availing of credit facilities by submitting forged/fake documents in respect of properties offered to banks as securities. In many cases, the same property was offered as security to different banks by submitting fake title deeds. In some cases, the properties which were mortgaged to the banks were found to be non-existent. Loans were granted to persons without verifying their antecedents/details. Subsequently, they were found to be non-existent. The documents submitted for availing the loans, such as the deeds, income tax returns, salary certificates, etc., were fake/fictitious. The chartered accountants who had purportedly issued/verified the documents were found to be non-existent themselves. In a number of fraud cases, the builders/developers had defrauded the banks by pocketing the housing loans which they managed to obtain in the names of fictitious persons by submitting forged documents. In some instances, builders/developers in connivance with the employees of Public Sector Undertakings had arranged housing loans from banks by submitting fake/forged/manipulated salary certificates. Such loans were subsequently misappropriated. Vehicle/consumer loans were obtained by submitting fake/forged invoices/quotations and were misappropriated without creating a charge on the security. Fraudsters use forged documents to avail services from financial institutions. There are several incidents of fraudsters committing identity theft, stealing personal information of customers such as identity cards, bank account details, etc., and using this information or these credentials to avail benefits from a financial institution.