How to save your hard earned money from falling in hands of fraudsters.

Digital era has brought with it a range of benefits but at the same time very novel kind of frauds too, which leaves many a people’s bank account empty. Here is a list of frauds and how to protect yourself from them. The nomenclature of the frauds may seem a little funny, as if a snake is hissing viz., Phishing, smishing, vishing, etc., but don’t take them for granted, as they are as dangerous as any poisonous snake. We will discuss each type of frauds, their meaning, Modus operandi of the fraudsters and means to safeguard yourself from falling into the trap. Let’s begin with each type of fraud one by one.

1. Phishing

Most common type of fraud is Phishing. Under this fraud, sensitive information such as Credit/Debit Card number, Card expiry date, CVV number, customer ID, mPIN, etc. are obtained through emails that appear to be from a legitimate source. Masked emails are sent that appear legitimate but are actually not and the user is befooled in revealing or typing in his banking details.

Modus operandi of fraudsters?

Fraudsters send fake masked emails to customers which appears legitimate, asking them to urgently verify or update their account information by clicking on a link in the email. Clicking on the link takes the customer to a fake website that looks exactly like the official Bank website – with a web form to fill in his/her personal information. The details so obtained is then used to conduct fraudulent transactions through the customer’s account.

How to safeguard yourself from fraud:

– Always check the web address carefully.
– For logging in, always type the website address in your web browser address bar.
– Install an anti-virus, firewall, antispyware and security patches on your computer and smartphone and keep them updated. Use licenced version and not a pirated one.
– Under no circumstances click on any suspicious link in your email.
– Do not divulge any sensitive or confidential information on email, even if the email seems to be from authorities like Income Tax Department (most threatening), Employee Provident Fund, Visa, Rupay or MasterCard etc.
– Avoid opening unexpected email attachments or instant message download links. – Under no circumstances access Banking services like net banking or make payments using your Credit/Debit Card/Wallets from computers/systems in public places like cyber cafes or even from unprotected smartphones.

How to identify fake Phishing website / Mails?

Always look for the salutations in the mail, phishing emails are normally sent in bulk to reach as many people, so they put generic salutation like below, genuine mail always comes with your name.
Dear Sir / Madam
Dear Customer/ Dear Esteemed Customer

Check the domain or email ID from where mail has originated. Generally, fraudster tries to build look-alike email ID with some spelling juggling like below: Instead of HDFC fraudster may use HBFC or HPFC etc. Usually, such emails have some kind of urgency and they threaten you with some consequence if you ignore the mail. When you click on URL it will redirect you to some website which will look alike the bank site but if you check the URL address then it would be different from bank website address.

Most fake web addresses begin with ‘http://’. While an authentic or legitimate website will always start with HTTPS. The ‘s’ at the end of ‘https://’ stands for ‘secure’ – meaning the page is secured with an encryption. Which can be 128 bit or 256-bit encryption. Usually it is 128 bit encryption.

Check the Padlock symbol. A green padlock depicts the existence of a security certificate, also called the digital certificate for that website. A red padlock means the certificate has expired and needs renewal and when the padlock is red then also any transaction on such websites shall be avoided at all cost.
Crosscheck the authenticity of the website by verifying its digital certificate. For this, click on File / Properties / Certificates alternatively double click on the Padlock symbol at the upper right or bottom corner of your browser window.

2. Smishing

Smishing is done via smart mobile phone text messages (SMS) by luring the victims into calling back on a fraudulent/specific phone number, visit fraudulent websites or download a malicious content/application/program/game via phone or web.

Modus operandi of fraudsters?

Fraudsters send SMS alert to customer’s intimating that they have won a prize money, lottery, job offers etc. and compels them to them to share their Card or Account credentials in order to obtain the prize money, lottery or job confirmation.
Inadvertently, the customers follow instructions to visit a website, call a phone number or download a malicious application, game or content.
Details hence divulged with the person who initiated the SMS are then used to execute fraudulent transactions on a customer’s account, causing them huge financial loss.

How to protect yourself from fraud:

– Never share your personal information or financial information via SMS, call or email.
– Never follow the instructions as mentioned in SMS sent from an untrusted source, delete such SMS immediately.
– If you receive any urgent communication asking for personal information, call Phone Banking number of your bank or report it to your banker, to check if it was a legitimate communication from their end.

3. Forged Phone Calls

In Forged phone calls, the fraudsters pose as either your relative or friend and on the pretext of some emergency, asks you transfer a small sum on immediate basis in their bank account/wallet.

Modus operandi of fraudsters?

Fraudster gathers information about you from social networking sites like Facebook, Instagram, Linkedin, twitter etc., and also from apps like Truecaller.
Fraudster calls an individual and poses as a relative or friend and talks to you about few incidents which had recently occurred with you, so that they can trick you into thinking that you actually know them.
Once they gain your confidence, they ask you to transfer some money (usually small amount ranging between INR 500 to 5000) in their bank account or wallet account citing medical reasons.
Once customer transfer the amount fraudster further transfer that money to their some other account so that transaction cannot be reversed.

How to protect yourself from fraud:

– Never share personal details on social networking sites.
– Never transfer the funds without confirming the identity of the recipient as the money once transferred cannot be reversed.

4. Vishing

Vishing is a very common kind of fraud prevailing these days where the fraudsters try to seek your sensitive personal information like OTP, Bank Customer ID, Net Banking password, CVV, ATM PIN, Card expiry date, PF number, etc. through a phone call.

Modus operandi of fraudsters?

The fraudster represents himself/herself an employee of the bank or a Government / Financial institution and asks customers for their personal information.
They cite varied reasons as to why they need this information. For e.g. linking of account to AADHAR number, reactivation of account, enhancing of reward points, upgrading your credit card, sending a new card etc.
These details thus obtained are then used to execute fraudulent activities/ transactions on the customer’s account without their knowledge.

How to protect yourself from fraud:

– Never divulge any personal information like Customer ID, ATM PIN, OTP etc. over the phone, SMS or email.
– Even in an iota of doubt, call on the Phone Banking number or report it on the respective bank website.

5. SIM Swap

In such frauds, the fraudsters manage to arrange a new SIM card issued against your mobile number registered with the bank, through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank account.

Modus operandi of fraudsters?

Fraudsters gather individuals/customer’s personal information through Phishing, Vishing, Smishing or any other means.
They then approach the mobile operator and on some pretext or other they get the SIM blocked. Consequently, they approach the retail outlet of the mobile operator with the fake ID proof posing as the customer.
On production of such information, the mobile operator deactivates the genuine SIM card and issues a new one to the fraudsters
Since the fraudsters now have a SIM in your name he can easily generate One Time Password (OTP) for carrying out financial transactions using the stolen banking information. OTP will be received on the new SIM obtained by the fraudster.

How to safeguard yourself from fraud:

– If your mobile number is not working for longer than the usual period, then immediately inquire with your mobile operator to make sure you haven’t fallen victim to some evil fraud.
– Always Register for SMS and Email Alerts to get regular update about the activities in your bank account, even if it is chargeable.
– Check your bank statements and transaction history for any irregularities on a regular basis.

6. Identity Theft

Identity Theft means your name has been used along with your personal details to obtain loans, credits and other services. Thereby meaning, someone else enjoys the meal and you pay the bill.

Modus operandi of fraudsters?

The personal profile of an individual is gathered through various other means explained above like Phishing, Vishing, Smishing or any other means.
They call up customers/individuals and try to obtain details by posing as a Bank Staff. They will be very courteous and soft-spoken.
They might visit customers posing as bank staff and collect personal information like Name, Father’s Name, Address, Permanent Address, Date of Birth, Aadhaar number, PAN Number etc.

How to safeguard yourself from fraud:

– Always destroy any paper or envelope containing details of your identity.
– Never share your personal information with a stranger or any third party, posing as a bank representative. Cross check the identity of a person posing as bank staff directly with bank branch or head office, not on numbers they provide for verification.
– Always update your mobile/contact number, email ID and address in case they change, with your bank records and also other important documents like Aadhar, Voter card, etc.

7. Trojan

If you remember the epic movie Troy of Brad Pitt in the year 2004, then you can very easily understand what is Trojan. At the end of the movie a wooden horse was left on the shores of sea and Hector’s army considering it a prized possession, took it in the castle only to bring doom to their kingdom. Achilles army was hiding in that huge horse and once it gained access in the castle it wreaked havoc. Trojan word is derived from the same. It is a harmful piece of software (Achilles) that users (Hectors) are typically tricked into loading (giving access) and executing on their computers (castle). Once it is installed and activated, Trojan attacks the computer/system/smartphones leading to data theft, wiping out of data files, the spread of viruses. Trojans can also enable backdoors in the software of your system to give access to hackers.

Modus operandi of fraudsters?

Fraudsters use spamming techniques to send e-mails in bulk to numerous gullible people.
Those who open or download the attachment in these emails get their computers/mobiles infected.
When the customer performs account/card related transactions, the Trojan steals personal information and sends them to fraudsters.
These details will then be used to conduct fraudulent transactions on the customer’s account.

How to safeguard yourself from fraud:

– Never open e-mails or download attachments from unknown sources or sender, mark them spam immediately and delete such emails. Marking them spam will keep them from coming directly to your inbox.
– Installing licensed antivirus on your computer/smartphones. It scans every file you download and protects you from malicious software or files.
– Use licenced OS so that you get automatic updates or download OS patch updates regularly, to keep your Operating System ready against known vulnerabilities.

– Install software patches from original software manufacturers and not from any file sharing sites offering a free download, as soon as they are available.

– A fully patched computer/mobile behind a firewall is the best defence against Trojan.
– Download and use the latest version of your browser.
– In event of your system or computer gets infected with a Trojan, disconnect your Internet connection and remove the files in question with an antivirus program or by reinstalling your operating system. If necessary, get your computer services at a professional repair shop.

8. Money Mule

As the name suggests under Money Mule innocent individuals are made mule/victims by duping them into laundering stolen/illegal money via their bank account(s).

Modus operandi of fraudsters?

Fraudsters get in touch with the individuals/ customers through emails, chat rooms, job websites or blogs, and smartly convince them to receive money into their bank accounts, in exchange for lucrative commissions.
Following this, the fraudsters transfer the illegal money into the money mule’s account.
Next step is to guide the victim or money to transfer the money to another money mule’s/victim’s account – starting a chain with the end results being the money getting transferred to the fraudster’s account.
Such frauds when reported to the police, the money mule becomes the target of police investigations.

How to safeguard yourself from fraud:

– Never respond to emails asking for your bank account details.
– For an overseas job offer, it any, first confirm the authenticity and contact details of the company offering the job.
– Do not get greedy on getting attractive offers/commissions or consent to receive unauthorized money.

The above frauds are compiled on the basis of available data of frauds that have actually occurred but the same cannot be considered exhaustive as the fraudster are always devising new and innovative means to cheat you of your hard earned cash.

Be aware and be safe.