Taking cognisance of recent instances of cyber frauds, the Reserve Bank of India has recommended a slew of safe digital banking practices.
In a press release, Chief General Manager of RBI Yogesh Dayal urged customers to never share bank account details, even with bank officials. Dayal also said that emails or phone calls that threaten that one’s account may be blocked were ‘common modus operandi of fraudsters.’ “Do not respond to offers for getting KYC updated/expedited. Always access the official website of your bank/NBFC/e-wallet provider or contact the branch,” he added.
“It has come to the notice of Reserve Bank of India that unscrupulous elements are defrauding and misleading members of public by using innovative modus operandi including social media techniques, mobile phone calls, etc. In view of this, the Reserve Bank cautions members of public to be aware of fraudulent messages, spurious calls, unknown links, false notifications, unauthorized QR Codes, etc. promising help in securing concessions/ expediting response from banks and financial service providers in any manner.” — RBI press release
Social engineering-based cyber frauds are on the rise and they’re not just targeted towards senior citizens (perceived to be unskilled in digital use) but also target those who are technologically proficient and use smartphones on a regular basis. Recently, Reliance Jio warned customers of a social engineering fraud where scammers posing as Jio representatives try to gain access to a customer’s sensitive information such as Aadhaar, bank account details, and so on.
Typical modus operandi used by fraudsters, according to RBI
The RBI listed various ways in which fraudsters attempt to get access to confidential details like user id, login/transaction password, OTP, debit/credit card details and other personal information. They are —
- Vishing: RBI described vishing as phone calls pretending to be from bank/non bank e-wallet providers/telecom service providers in order to lure customers into sharing confidential details in the pretext of KYC-updation, unblocking of account/SIM-card, crediting debited amount, etc.
- Phishing: RBI said phishing activities included spoofed emails or SMSs designed to dupe customers into thinking that the communication has originated from their bank or e-wallet provider and contain links to extract confidential details.
- Remote Access: The central bank said that many fraudsters lure customers to download an application on their mobile phone or computer through which they are able to access all the customers’ data on that device.
- Payment request: RBI also said that many scammers were misusing the ‘collect request’ feature of UPI by sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.
- Fake numbers: Many scammers are providing fake numbers of banks or e-wallet providers on webpages, social media, and displayed by search engines, etc, RBI added.
Checking URLs, domain names received in emails and other safe banking practices
These are few of the practices that RBI recommended for users to follow while carrying out online banking and similar activities —
- RBI urged citizens to not download any unknown app on your phone or device. “The app may access your confidential data secretly,” it said.
- RBI informed that transactions involving receipt of money do not require scanning barcodes or QR codes or entering MPIN. It urged one to exercise caution if asked to do so.
- “If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank / e-wallet provider immediately. If you receive a debit SMS for a transaction not done, inform your bank / e-wallet provider immediately and block all modes of debit, including UPI,” it said.
- RBI recommended users to not share the same password of one’s email with their bank or e-wallet account. It also urged users to not set their passwords as ‘password’.
- The fake loan app scandal is not going away anytime soon
- Microsoft Warns Users Of A Sophisticated PhaaS Operation. Here’s What We Know About It
- India One Of The Most Affected By Russian Govt-Backed Gmail Phishing Campaign
Have something to add? Post your comment and gift someone a MediaNama subscription.