With the proliferation of payment apps and their ability to send money, pay bills, receive money, recharges and instant payments, the dependence on cash is gradually waning. Individuals can now resolve their money needs in a fraction of seconds using the digital modes. The sudden surge in digital payments has, however, also amplified the risk of cyber theft. Too much online involvement have increased the probabilities of different kinds of a cyber attack.
1. ATM card skimming
Skimming devices are installed in ATM machines by fraudsters who take data from the customer’s card. According to the RBI release, “Fraudsters may also install a dummy keypad or a small / pinhole camera, well-hidden from plain sight to capture ATM PIN. ? Sometimes, fraudsters pretending to be other customer standing near-by gain access to the PIN when the customer enters it in an ATM machine. This data is then used to create a duplicate card and withdraw mo money from the customer’s account.”
2. SIM swap or SIM cloning
In cases like SIM swap or SIM cloning, “Fraudsters may obtain a duplicate Subscriber Identity Module (SIM) card (including electronic-SIM) for the registered mobile number linked to the customer’s bank account by gaining access to the customer’s Subscriber Identity Module (SIM) card,” states RBI. Fraudsters use the OTP received on such duplicate SIM to carry out unauthorised transactions. Fraudsters generally collect the personal / identity details from the customer by posing as a telephone / mobile network staff and request the customer details in the name of offers such as – to provide free upgrade of SIM card from 3G to 4G or to provide additional benefits on the SIM card.
3. Scam using QR Codes
The widespread QR Code scam has made its way into India as more and more people start using smartphones and online payments in general. In a circular by RBI, it is stated that customers are frequently contacted by con men under a variety of guises and convinced to use the banking applications on their phones to scan QR codes and the moment users scan the code, they unknowingly authorize money transfer into the scammer’s bank account.
4. Frauds using screen sharing app / Remote access
RBI warns customers stating the procedure that “Fraudsters trick the customer to download a screen-sharing app. Using such an app, the fraudsters can watch/control the customer’s mobile / laptop and gain access to the financial credentials of the customer. Fraudsters use this information to carry out unauthorised transfer of funds or make payments using the customer’s Internet banking/payment apps.”
5. Phishing hacks work
Fraudsters create a phishing website that appears to be a legitimate website, such as a bank’s website, an e-commerce website, a search engine, and so on. Fraudsters distribute links to these websites by SMS, social media, email, and Instant Messenger, among other methods. Many clients click on the link without first checking the Uniform Resource Locator (URL) and enter security credentials such as a Personal Identification Number (PIN), One Time Password (OTP), Password, and so on, which are collected and utilised by fraudsters.