Digital Fraud and its Various Forms
Have you ever woken up in the morning and found a message on your cell that a purchase has been made by you thousand kilometers away when actually you were deep asleep? Ever heard of how people lost money after getting a call from a very nice and helping bank manager? Ever received a mail or a message congratulating you on winning a huge money? Remember the tax refund message that asked you to verify your account? let us explore digital fraud and its various forms, so that you and your dear ones do not fall prey to the evil designs of the fraudsters out there.
We are living in a world that is highly technologically driven and it has made our lives easy, well it has also made the work of fraudsters easy. Scamsters are always on the look out for new ways of defrauding gullible people. They are good at manipulating people, they first try to win the confidence of the target person and then extract sensitive information concerning bank accounts and digital wallets. Special mention about digital wallets because that’s a relatively newer phenomenon for many and an easy spot to target.
Take little time to understand your digital wallets like Paytm, PhonePe, google Pay etc. We must remember that awareness is the only way to prevent frauds. In most of the cases persons have lost money only because they gave away sensitive information to the fraudsters thinking them to be genuine. Let’s have a look at some of the most common frauds in its various forms.
Fraudsters Posing as Bank Manger
“Hello Sir, I am calling from the Main branch of SBI” This is one call that almost all of us have received at some point in time. The modus-operandi of this fraudulent activity is simple. A person introducing himself to be the bank manager or employee calls on your cell and tells that your debit/ATM card is going to be blocked and you will have to visit the branch and stand in long queues to get it activated.
Just when the person shows his irritation on the unnecessary activity, the impostor extends his helping hand by stating that the inconvenience can be avoided by giving him a few details. The fraudster then proceeds and asks the debit card number, it’s expiry date and the CVV. All this is done in a very convincing manner. And finally they persuade the unsuspecting person to divulge the OTP sent to the mobile phone. Once the OTP is given all the money is transferred digitally to the fraudster’s account or digital wallet.
There are various other forms of the same fraud and different ways are employed by fraudsters to trap gullible people. At times they also have the debit card and credit card numbers which is a matter of concern. Sometimes they will entice by offering to convert the reward points accumulated on credit cards, their goal is to first win the confidence of the target and then swindle all the money from the account. The tactics employed may differ but the goal is the same.
How do we protect ourselves? Just remember that banks will never ask for details like your card number, expiry date, CVV and OTP, if somebody does just hang up the phone. If some details of your card like the card number etc. has been compromised, block it and get a new card.
OLX Frauds
OLX and Quickr have become the favorite grazing grounds of fraudsters nowadays. Here sellers and buyers both are the targets.
1. The incident: Mr. X wanted had posted an ad on OLX for selling his mobile with an asking price of Rs 10000/-. He received many calls from prospective buyers but none materialized. Then one day he receives a call from this buyer who agrees to pay Rs 9500/- after a little negotiation.
Having experienced the previous calls, Mr X was a little amused that the buyer has so easily agreed. Nonetheless he asks the buyer to come and take the mobile, to this the buyer tells that he is in a different location and his brother will come and receive the mobile from him. He further insists on making the payment in advance through Google Pay or PhonePe. The fake buyer asks Mr X to respond to the message sent to receive the payment the payment of Rs 9500/- while still on call. The seller in his excitement to close the deal does as instructed by the buyer. When the transaction was over the seller instead of getting a deposit message gets a withdrawal message. Mr X fell prey to the trap laid down by a fraudster and lost his hard earned money.
Modus Operandi: Genuine seller receives call from a person who is just too eager to buy the product even without seeing it. He is more than eager to pay for the product. Occasionally the fake buyer will bargain a little to create the impression of genuineness. If the seller asks the fake buyer to first see the product before making the payment, the fraudster will tell the seller that either his brother or friend will receive the product and that he will make advance payment because he likes the product very much.
Next the fraudster will send a message and ask the seller to accept it, well here comes the twist. United Payments Interface popularly known as UPI is a convenient method of sending and receiving money on real time basis. This is a relatively newer method of doing a transaction from one bank to the other.
In UPI you can send and also request money from another user of UPI. The fraudsters take advantage of the ignorance prevalent among people about UPI. In the above case the fraudster instead of sending money, sent a request of the same amount and kept the seller busy on call so that he does not get time to properly read and understand the message. Once the gullible seller accepts the request and puts in his UPI pin, the money is transferred to the account of the fake buyer. The fraudsters thrive on the good faith that people have on others.
How do we protect ourselves: Awareness is the only way of prevention. Never suspend your critical faculties and never ever close a deal in a hurry. Remember to read the message before executing the transaction and that UPI pin is required only when you transfer funds. To receive funds no pin is required.
Is there any legal recourse available? Sadly it’s a rather tedious process, the aggrieved person can approach the local police station and file an FIR. However there are numerous instances where the police have refused to file an FIR and instead directed the victims to the Cyber cell. Approaching the court to get justice will be very costly, time consuming and an extremely harassing experience. It’s wiser to contact Cyber cell of the respective state and raise a compliant with them. The contact details of the Cyber cells of the various states can be easily found on google.
2. The Incident: Mr X sees an ad on OLX about a scooter in very good condition at a price of Rs 26000/-. He contacts the seller and expresses his interest in buying the vehicle. The seller claims he is a serving personnel of the Indian army and wants to sell his scooter because he has been transferred out of the state. He also sends his id proof, the RC of the scooter to gain confidence of Mr X. To seal the deal the fake seller asks Mr X to send his id proof and make a payment of Rs 5000/- for documentation and other formalities.
Mr X was initially skeptical but was convinced by the impostor into paying Rs 5000/- stating it to be the Army procedure. He was then asked to pay Rs 5000/- more as transportation fee, again as per the purportedly Army guideline. Mr X, convinced that the seller was genuine made a transfer of another Rs 5000/-.
The buyer eager to get the vehicle called the impostor for the delivery of the vehicle, to this he was told that there are dues to the tune of Rs 16000/- pending and unless the payment is made in full, army wont release the vehicle. By this time the Mr X was wary of the delaying tactics of the seller and sought advise from his friends. A little search on the internet was enough to convince Mr X that he has lost Rs 10000/- to fraudsters. There are many versions of this fraud, in some cases the impostors pose as CRPF personnel and the products range from mobile phones to Cars.
How do we protect ourselves? Never be in a hurry to close a deal, step out, go and physically verify the product you intend to buy. Insist on making the payment and taking delivery of the products at the same time.
Frauds with ATM Skimming Devices
The incident: Mr Mohan was having a sip of coffee watching his favorite show on TV when he received a message that Rs 10000/- has been withdrawn from his account from an ATM. He could not believe what he saw, before he could think there was another message of withdrawal of Rs 10000/-. Fortunately Mr Mohan had only Rs 20000/- in his account, he immediately called the bank’s call center and blocked his ATM card. He frantically searched for his debit cum ATM card, it was still in his wallet. Mr Mohan went to his bank the very next day and lodged a complaint. The bank asked the customer to lodge a police complaint as well as it seemed like a case of ATM skimming.
ATM skimmers are devices that steal the data on the cards, and then that data is loaded on a blank card. Along with a skimmer device the fraudsters very craftily set a camera above the ATM keypad or at a place from where the pin can easily be recorded. Skimming is also done using POS machines, where the fraudsters swipe the card in a skimming device and steal all the data in the card.
How to Protect ourselves? Chip based cards are far safer then the magnetic stripe debit or credit cards. The Reserve Bank of India made it compulsory for all banks operating in India to upgrade all magnetic stripe cards of their customers to EMV chip based cards to ensure better safety and security. Some banks were already using it but other banks have upgraded the cards of all their customers on mission basis.
All cards effective Jan 1, 2019 are by default chip based EMV (Europay, Mastercard and Visa) cards. The technology was developed for preventing skimming and cloning by EMV, it has become the global standard for card related payments. However it’s a good practice to inspect the slot where the ATM card is inserted, the skimming device is pasted on the slot and generally comes out easily with little effort. Also cover the ATM keypad with one hand while inputting your pin. But as of now till the time the fraudsters devise a new way of defrauding, you are relatively safe.
Physically updating the passbook
The incident: Mr X an NRI and an HNI customer of XYZ Bank Ltd, Pune branch, generally visited India once in 2-3 years. He had a good platonic relationship with one of the clerks of the branch who was in the branch since many years. Mr X always updated his passbook with the same clerk. As was the general practice he visited the branch after two years of foreign stay and to his dismay his old friend was transferred to a different branch. Left with no option Mr X went to the bank employee in the counter and requested to update his passbook. He got the shock of his life when he looked at his balance in the passbook, it was short by more than a crore rupees.
What had happened? Mr X always updated his passbook with the same clerk and the clerk would cleverly update the passbook manually every single time citing some or the other reason. The clerk withdrew money form Mr X’s account using his forged signatures. Since the passbook was updated manually, Mr X had no idea that his money was being siphoned off. The fraud came to light when the clerk was transferred to a different branch and the passbook was updated by the system.
Large Unknown Credit and Debit in the Account and Great Deals Messages
Here is another way that fraudsters use to defraud gullible people. A few days back one of my friends received a message that Rs 400000/- has been credited in his account . He was quite startled because such a deposit was unexpected. The only credit he received and was expected was his salary. A little inquiry revealed that such messages are sent by hackers who steal the log in id and password details once you visit your net banking through the link given in the message.
The fraudsters send a message that’s likely to generate an urge to inquire further like a large credit or a debit in the account. Many of us must have received a message that stated that Income tax refund of certain amount has been approved and we have to verify the correct account number in the link provided in the message. These are phishing attacks meant to lure people to fake sites that look like the genuine sites. Once you click on these links you will be directed to the net banking page that will look just like your bank’s website, it will be a poor replica but enough to mislead many.
There are many variations to the same trick, remember those viral whatsapp messages that stated amazing offers on Amzon or flipkart. The products were sold at a price far far below their market price, like an Iphone that costs around Rs 60000/- offered at Rs 1500/- and to unlock the offer you had to forward them to ten of your friends. Stay away from such deals.
How to protect oneself? Never access your net banking id and password through the links sent on messages or emails. Always type in the url of your bank and access your net banking. If you have to shop online, go to their apps or the legitimate website to make the purchase.
The Zomato Fraud
The incident: It was a Sunday and Zomato, the online food app, was running some great offers. Rahul ordered some food on the app but was not happy with the food he received. He wanted a refund and called the delivery boy from Zomato. The Delivery boy asked him to call the call center of Zomato.
Rahul searched for the call center number on google and dialed the first number he found. It was answered by a person claiming to be Zomato’s customer care executive, he was instructed that a link will be messaged to him on his cell and he can first send Rs 10 through the link and once it is received his entire money along with Rs 10 will be refunded to his account. Rahul did as instructed and once the the transfer of Rs 10 was done, he received a message that Rs 77,000/- in his account has been deducted. For a second or two he could not believe the message he received from his bank, then sensing something amiss he logged into his net banking and was shocked to know that the entire balance in his account has been wiped of.
How do we prevent such incidents? In the above case the fraudster was a technologically sound fellow. He had managed to fool Google and had got top ranking in google search results. There are many traps out there on google, a similar incident had happened when somebody tried to get in touch with the Google Pay call center using google search results. So back to old school, never click on links sent on messages or emails.
The APPs that take Remote Access
Recently the Reserve bank of India issued an advisory against an app called “AnyDesk” which enables remote access. It’s an app using which you can access and control somebody else’s mobile, provided the other user has got the app installed in mobile and has given you certain permissions that all other apps generally request for. Apps that allow remote access could be dangerous but remember after all it’s the user who has to grant permission. RBI has sent advisory to all commercial banks to sensitize it’s customers against installing such apps on their mobile phones. Also remember, if you are an android user, not to download apps from places other than the Google playstore. Google ensures some level of safety for the apps listed in google play store.
What are the safeguards available?
The Reserve Bank of India has taken cognizance of the rise in number of online frauds and has set a framework for addressing the issue. All banks operating in India have been asked to sensitize their customers to never divulge their card and net banking credentials to anybody. But if you are a victim of digital fraud below are the guidelines laid down by the Central bank for the benefit of the general public.
Zero Liability: The Victim shall get his entire money back in the below scenarios.
1. When the fraud has happened due to contributory fraud or negligence or deficiency on part of the bank, the aggrieved person will get the entire money back irrespective whether the person has reported or not.
2. When the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, the victim has to inform the bank within three working days of receiving the communication from the bank about the unauthorized transaction.
Limited Liability: The victim shall bear the complete loss or partly in the below scenarios.
1. Loss due to negligence like sharing of payment credentials has to be borne by the individual. It must be reported promptly to the bank and any loss after reporting will be borne by the bank.
2. When the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the victim has informed the bank after three working days and within seven working of receiving the communication about the unauthorized transaction the below shall apply.
Maximum Liability of a Customer | |
Type of Account | Maximum liability |
• BSBD/No Frills Accounts | 5,000 |
• All other SB accounts | 10,000 |
• All other Current/ Cash Credit/ Overdraft Accounts | 25,000 |
If the reporting is done after seven working days the liability policy is bank specific and can be accessed on the respective bank’s website. Click here to get the detailed RBI circular on Customer protection and limited liability policy.
The next time you encounter any of the above digital fraud and its various forms, you know what to do. If you have had any such experience, please leave a comment, it could just help someone.
Thanks for the info….
A worth reading detailed guide possibly not available anywhere online. Thanks for putting so much effort to produce this article . A must read for people to stay safe from scamsters.
Very useful information!!