In view of rising financial fraud, in which cyber criminals use innovative methods to defraud gullible individuals and newbies, the Reserve Bank of India (RBI) released a 40-page booklet listing the ways scammers can steal your financial credentials and empty your bank accounts.
This booklet, titled ‘BE(A)WARE’, emphasizes the need to keep one’s personal information safe and to practice due diligence while performing financial transactions. Here are the popular ways that, according to RBI, scammers frequently use to steal your sensitive data.
Pushing out a malicious link is one of the simplest methods to scam an unsuspecting individual. According to RBI, fraudsters might create a fake website that looks like an existing genuine website, such as a bank’s website, an e-commerce website or a search engine. These links are then circulated by fraudsters through text messages, social media, etc.
Malicious links are masked behind authentic-looking website names, but in reality the customer gets redirected to a phishing website. When customers enter secure credentials on these websites, the credentials are captured and used by the fraudsters.
It should be noted that most of the time, customers enter secure credentials after just glancing at the link and clicking it, without checking the detailed URL.
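The "detailed URL" check that customers skip can be done mechanically. The Python sketch below is an added example, not taken from the RBI booklet; the trusted domains and the sample links in the comments are constructed placeholders. It reports why a link that displays a familiar name does not actually lead to that site.

```python
from urllib.parse import urlsplit

# Assumption: the domains the customer really uses (constructed placeholders).
TRUSTED = {"examplebank.example", "shop.example"}

def check_link(url, trusted=TRUSTED):
    """Return a list of warnings; an empty list means the link goes to a
    trusted domain (or one of its subdomains) over HTTPS."""
    warnings = []
    parts = urlsplit(url)
    # The host the browser will really connect to, lower-cased, port removed.
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("not-https")
    # "https://bank-name@other-host/": the text before '@' is only a user
    # name and is ignored when choosing the server.
    if parts.username is not None:
        warnings.append("userinfo-before-host")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")

    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        warnings.append("untrusted-host")
        # The familiar name is present, but only as a decoy: as a leading
        # subdomain, a path component, or a hyphenated imitation.
        brands = {d.split(".")[0] for d in trusted}
        if any(d in url.lower() for d in trusted) or any(b in host for b in brands):
            warnings.append("trusted-name-used-as-decoy")
    return warnings

# Constructed sample links:
#   https://www.examplebank.example/login               -> []
#   https://examplebank.example.secure-login.test/login -> untrusted host, decoy
#   https://examplebank.example@203.0.113.7/login       -> userinfo, untrusted, decoy
```

An HTTPS padlock alone does not clear a link: the second and third sample links are HTTPS yet still lead somewhere other than the bank.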
On e-commerce platforms, fraudsters might pretend to be buyers and show interest in your product. This is a classic technique for defrauding individuals. “Instead of paying money to you, they use ‘request money’ option through UPI app and insist to approve the request to pull money from your bank account,” RBI said in its research.
Unknown mobile apps
Malicious mobile apps are the easiest way for hackers to gain complete access to your device. These applications are shared as ‘authentic’ apps on social media platforms and WhatsApp group chats. The link is engineered in such a way that the customer is redirected to download an unknown application. Once the app is downloaded, the fraudster gains complete access to your device.
RBI highlights that these apps are mostly screen-sharing apps through which the scammers can watch and control your mobile phone to gain access to your financial credentials. Later, they make payments using your Internet banking and payment apps.
Through search engines
All of us rely upon Google to search for the contact numbers of businesses, banks, and government offices. Scammers are well aware that search engines have become a source of trust. Taking advantage of this, scammers have listed fake contact details on search engines such as Google, Yahoo, etc., to attract victims and steal their money.
Once a customer calls one of these numbers, the impostors ask the customer to give their card credentials for verification. Assuming this contact to be genuine, people compromise all their secure details and thus fall prey to fraud.
Scanning QR codes has become very prominent during COVID times, whether you’re in a restaurant looking to access the menu or want to make a contactless payment. Scammers often contact customers under various pretexts and trick them into scanning QR codes using payment apps. This allows the fraudsters to withdraw money from the customer’s account.
This might sound unbelievable, but scammers have figured out a way to infect your devices and gain full access to them using a charger. RBI, in its research, notes that ‘juice jacking’ is a type of cyber stealing where, once your mobile is connected to unknown or unverified charging ports, unknown apps are installed with which the fraudsters can steal sensitive data, email, SMS, and even saved passwords.
How to stay safe
RBI lists out ways to stay safe online.
- Be wary of suspicious-looking pop-ups that appear during your browsing session.
- Always check for a secure payment gateway (https:// – URL with a padlock symbol) before making online payments.
- Keep your PIN (Personal Identification Number), password, credit or debit card number, and CVV private.
- Avoid saving card details on websites, devices, or public laptops and desktops.
- Turn on two-factor authentication where the facility is available.
- Never open emails from unknown sources containing suspicious attachments or phishing links.
- Do not share copies of your chequebook or KYC documents with strangers.