Be (a) ware RBI Notice on Modus Operandi Financial System


What is the news:

  • The Reserve Bank has released a booklet, “BE(A)WARE”, on the common modus operandi used by fraudsters and precautions to be taken while carrying out various financial transactions.

Increase in digital payments:

  • The surge in the digital modes of payments witnessed in the past few years gained further momentum during the COVID-19 induced lockdowns.
  • Digital payments enhance customer convenience by improving ease of doing financial transactions. They also contribute to promotion of financial inclusion.
  • However, fraudsters are finding new ways to defraud the gullible public through various ingenious methods. A root cause analysis of the complaints received at Ombudsmen Offices and the Consumer Education and Protection Cells (CEPCs) of RBI revealed, inter alia, that sharing of confidential information by customers, knowingly or unknowingly, is one of the major causes leading to financial frauds.

                        

About the booklet:

  • The booklet aims to enhance public awareness about various types of financial frauds perpetrated on gullible customers while carrying out digital payments and other financial transactions.
  • The booklet elaborates on safeguards against commonly used fraudulent techniques such as SIM swaps, vishing/phishing links, lottery, etc., including fake loan websites and digital apps.
  • Parts A and B of the booklet detail the commonly observed modus operandi and precautions to be taken against fraudulent transactions relating to banks and non-banking financial companies (NBFCs), respectively.
  • Part C of the booklet explains the general precautions and digital hygiene to be followed by the public. The final section contains a glossary of terminologies commonly used in financial transactions with banks and other regulated entities of RBI, to improve the public's understanding of them.
  • The booklet emphasises the need for keeping one’s personal information confidential at all times, being mindful of unknown calls / emails / messages, etc., and also outlines the due diligence measures to be followed while undertaking financial transactions.

Modus Operandi and Precautions to be taken against Fraudulent Transactions – Banks:

  1. Phishing links: Modus Operandi
     • Fraudsters create a third-party phishing website which looks like an existing genuine website, such as a bank’s website, an e-commerce website or a search engine, etc.
  2. Vishing calls: Modus Operandi
     • Imposters call or approach the customers through telephone call / social media posing as bankers / company executives / insurance agents / government officials, etc. To gain confidence, imposters share a few customer details such as the customer’s name or date of birth.
  3. Frauds using online sales platforms: Modus Operandi
     • Fraudsters pretend to be buyers on online sales platforms and show an interest in the seller’s product/s. Many fraudsters pretend to be defence personnel posted in remote locations to gain confidence.
  4. Frauds due to the use of unknown / unverified mobile apps: Modus Operandi
     • Fraudsters circulate through SMS / email / social media / Instant Messenger, etc., certain app links, masked to appear similar to the existing apps of authorised entities.
     • Fraudsters trick the customer into clicking on such links, which results in the downloading of unknown / unverified apps on the customer’s mobile / laptop / desktop, etc.,
  5. ATM card skimming: Modus Operandi
     • Fraudsters install skimming devices in ATM machines and steal data from the customer’s card. Fraudsters may also install a dummy keypad or a small / pinhole camera, well hidden from plain sight, to capture the ATM PIN.
  6. Frauds using screen sharing app / Remote access: Modus Operandi
     • Fraudsters trick the customer into downloading a screen sharing app.
     • Using such an app, the fraudsters can watch / control the customer’s mobile / laptop and gain access to the financial credentials of the customer.
  7. SIM swap / SIM cloning: Modus Operandi
     • Fraudsters gain access to the customer’s Subscriber Identity Module (SIM) card or may obtain a duplicate SIM card (including electronic-SIM) for the registered mobile number connected to the customer’s bank account.
  8. Frauds by compromising credentials on results through search engines: Modus Operandi
     • Customers use search engines to obtain contact details / customer care numbers of their bank, insurance company, Aadhaar updation centre, etc. These contact details on search engines often do NOT belong to the respective entity but are made to appear as such by fraudsters.
  9. Scam through QR code scan: Modus Operandi
     • Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the apps on the customers’ phones.
  10. Impersonation on social media: Modus Operandi
     • Fraudsters create fake accounts using details of the users of social media platforms such as Facebook, Instagram, Twitter, etc.
  11. Juice jacking: Modus Operandi
     • The charging port of a mobile can also be used to transfer files / data.
     • Fraudsters use public charging ports to transfer malware to customer phones connected there and take control of / access / steal sensitive data such as emails, SMS, saved passwords, etc. from the customers’ mobile phones (Juice Jacking).
  12. Lottery fraud: Modus Operandi
     • Fraudsters send emails or make phone calls claiming that a customer has won a huge lottery. However, in order to receive the money, the fraudsters ask the customers to confirm their identity by entering their bank account / credit card details on a website from which data is captured by the fraudsters.
  13. Online job fraud: Modus Operandi
     • Fraudsters create fake job search websites and when the job seekers share secure credentials of their bank account / credit card / debit card on these websites during registration, their accounts are compromised.
  14. Money mules: Modus Operandi
     • Money Mule is a term used to describe innocent victims who are duped by fraudsters into laundering stolen / illegal money via their bank account/s.

Modus Operandi and Precautions to be taken against Fraudulent Transactions – Non-Banking Financial Companies (NBFCs):

  • Fake advertisements for grant of loans
  • SMS / Email / Instant Messaging / Call scam
  • OTP based frauds
  • Fake loan websites / App frauds
  • Money circulation / Ponzi / Multi-Level Marketing (MLM) scheme frauds
  • Loans with forged documents.

General Precautions to be taken for financial transactions:

General precautions

➢ Be wary of suspicious-looking pop-ups that appear during your browsing sessions on the internet.

➢ Always check for a secure payment gateway (https:// – URL with a pad lock symbol) before making online payments / transactions.

➢ Keep the PIN (Personal Identification Number), password, and credit or debit card number, CVV, etc., private and do not share the confidential financial information with banks / financial institutions, friends or even family members.

➢ Avoid saving card details on websites / devices / public laptop / desktops.

➢ Turn on two-factor authentication where such facility is available.

➢ Never open / respond to emails from unknown sources as these may contain suspicious attachments or phishing links.

➢ Do not share copies of chequebook, KYC documents with strangers.

For device / computer security

  • Change passwords at regular intervals.
  • Install antivirus on your devices and install updates whenever available.
  • Always scan unknown Universal Serial Bus (USB) drives / devices before usage.
  • Do not leave your device unlocked.
  • Configure auto lock of the device after a specified time.
  • Do not install any unknown applications or software on your phone / laptop.
  • Do not store passwords or confidential information on devices.

For safe internet browsing

  • Avoid visiting unsecured / unsafe / unknown websites.
  • Avoid using unknown browsers.
  • Avoid using / saving passwords on public devices.
  • Avoid entering secure credentials on unknown websites / public devices.
  • Do not share private information with anyone, particularly unknown persons on social media.
  • Always verify security of any webpage (https:// – URL with a pad lock symbol), more so when an email or SMS link is redirected to such pages.

For safe internet banking

➢ Always use a virtual keyboard on public devices, since keystrokes can also be captured through compromised devices, keyboards, etc.

➢ Log out of the internet banking session immediately after usage.

➢ Update passwords on a periodic basis.

➢ Do not use the same passwords for your email and internet banking.

➢ Avoid using public terminals (viz. cyber cafe, etc.) for financial transactions.

Factors indicating that a phone is being spied on

➢ Unfamiliar applications are being downloaded on the phone.

➢ There is a faster than usual draining of phone battery.

➢ A phone turning hot may be a sign of someone spying by running spyware in the background.

➢ An unusual surge in the amount of data consumption can sometimes be a sign that spyware is running in the background.

➢ Spyware apps might sometimes interfere with a phone’s shutdown process so that the device fails to turn off properly or takes an unusually long time to do so.

➢ Note that text messages can be used by spyware and malware to send and receive data.
