Protect yourself against financial fraud online and offline. Here is how

New Delhi: Online fraud has increased over the years. According to data from the National Crime Records Bureau (NCRB), India recorded 50,035 cybercrime incidents last year, up 11.8 percent from the previous year. The Reserve Bank of India (RBI) also recently warned bank customers about fraud, including in know-your-customer (KYC) cases.

Here are some scams and what you can do to avoid them:

1. KYC fraud: Know that your customer norms were relaxed during the pandemic so customers don’t have to go to the bank branch to complete the KYC process. However, some scammers have taken advantage of this to scam people.

RBI said in a press release that it has received complaints / reports about customers who are victims of fraud on behalf of the KYC update.

“The usual modus operandi in such cases involves receiving unsolicited communications such as calls, SMS, e-mails, etc. by asking the customer to provide certain personal details, account / login / card information, PIN, OTP, etc., or to install you an unauthorized / unverified application for the KYC update via a link provided in the notice, “it said.

It is also reported that such communications involve threats of freezing, blocking or closing accounts. As soon as the customer shares information about a call / message / unauthorized application, fraudsters gain access to their account, the banking regulator found.

In such cases, you will receive an unsolicited SMS stating that your card or account will be blocked or reward points deactivated, which causes panic among customers. As soon as you call or write back the number mentioned in the SMS, they lure you under the pretext of KYC verification for personal data. For example, you will be asked for account or login details, card information, PIN, OTP, etc.

Here’s how you can protect yourself from KYC fraud:

The first thing to do is to remember that the KYC update will never be done through a third party app. If you receive such a call or SMS, contact the bank or card issuer – not using the number in the SMS, but the one on the back of your card or your bank’s official website. Also, don’t look for the customer care number on Google as they are sometimes fraudulent numbers too.

Members of the public are hereby cautioned against giving account login details, personal information, copies of KYC documents, card information, PIN, password, OTP, etc. to unidentified persons or agencies, ”said RBI.

2. Sim swap scam: Another common way for scammers to defraud people is by exchanging SIM cards. The general public is using SIM swap when they swap their 3G SIM card to upgrade to 4G. In this case, ask the service provider to swap the 3G SIM for a 4G SIM. Fraudsters use this technique to steal data and then money. As smartphones become more and more popular, our cellphones are being supplied with information such as card details, ATM withdrawal notifications and one-time passwords, etc.

SIM swap fraud will block users and receive messages that their SIM card has been blocked or that the request to change SIM card has been received. Scammers use SIM swap techniques to steal your financial information by locking your SIM card and then swapping it for a fake one. To do this, the scammers turn to the service provider (who pretends to be a real cardholder with forged papers) and request the SIM card to be replaced.

After verification, the service provider deactivates the old SIM. The fraudsters then get a new active mobile phone SIM card. Once the SIM card has been replaced, they will be given access to your OTPs, financial accounts, and card-related alerts, which they then use to commit fraud. These scams are not complex as the scammer usually uses some form of social engineering to obtain information about their intended victim that can be used to answer security questions from the service provider.

How to protect yourself from SIM swap fraud:

The very first step is to remember to keep your financial information private. Don’t trust anyone with your financial information. If you don’t see any service on your SIM card, contact the service provider at the earliest. Beware of social engineering tactics (vishing, phishing, smishing) that aim to steal your confidential and personal information. If your mobile number is inactive / out of range, check with your mobile operator immediately.

To avoid the worst case scenario, change your bank account password immediately. You can also register for regular SMS and e-mail notifications for your banking transactions. This way, even if your SIM card is deactivated, you will still receive the notifications by email. Access your bank statement regularly to ensure that the transactions indicated in the bank statement have actually been made by you. In the event of fraud, contact telephone banking immediately to have your account blocked and avoid further fraud.

3.UPI fraud: Unified Payment Interface (UPI) has become a popular form of payment for millions of Indians across the country. With UPI, you can send the user a request to collect money. This feature is used by scammers to scam people and trick them into unwittingly transferring money.

Types of UPI scams:

• Phishing: This is where scammers send an email or SMS with unauthorized links. Clicking on these links will take you to the UPI app on your phone and will result in an automatic debit from your account. These links can be incredibly harmful and infect your phone with virus or malware.
• Unconfirmed links: A lot of users don’t realize that you don’t have to scan a QR code or enter your UPI pin to receive money through the UPI app. Often times, hackers send fake links stating a “request for money” option. As soon as you click on this link, you will be asked for your UPI PIN or a code will be scanned. This can expose your financial information to hackers.
• Vishing: This is where scammers call you as a bank representative and ask for your UPI PIN or ask you to download a third-party app and state that it is for verification purposes. This gives them access to your data and account details.
• Remote screen monitoring: Sometimes downloading an unverified application from the App Store can lead to data breaches and data leaks. These third party apps can extract sensitive data from your phone and access UPI app details, which can lead to UPI fraud.

How to protect yourself against UPI fraud:

• Don’t deal with strangers: One of the easiest ways for scammers to attack you is through engagement through any medium – phone calls, messages, or social media. Be very careful when participating in promotions that promise huge discounts or great deals in exchange for personal banking information.
• Never share your OTP with others: Banks send OTPs to validate a transaction. No bank or its employees will ever ask about your OTP. So if you come across a message, even if it’s supposed to be from your “bank”, make sure it is a scam. Never give your banking information, credentials, or OTP to anyone via calls or messages, or on computers or devices that are part of a shared network.
• Don’t click random links: Fraudsters use compromised links to attract naïve people and gain access to their accounts. For this reason, you should never click on a random link that you received or proceed with a transaction that was not initiated by you. Remember, you don’t have to pay or enter your UPI PIN to receive money. Hence, any link or request claiming the same is fake.
• Do not download unknown apps: Play Store and App Store try to make sure that bogus apps are removed, but sometimes you can come across fake UPI apps / remote desktop sharing apps. Do not install this on your phone. Download only authentic banking apps. You can find the name of the app on the bank’s website. Check the number of app downloads and check the app ratings before downloading them.
• Connect only with official helpline numbers: If you have problems with a UPI transaction, always contact the support team of the respective bank or UPI app. If in any doubt about fraudulent activity, end the call and call the helpline. Always use the customer care numbers listed on your bank’s official website. Do not take calls from private numbers.

4. Offline fraud: While online fraud has increased, offline fraud is also common. Nowadays, people take ATM withdrawals casually, unaware that a little negligence could cost them their hard-earned cash. Shoulder surfing and card cloning are two very common methods that scammers use to steal money. To put it simply, shoulder surfing is when someone is standing in the vestibule near the ATM to take a look at your ATM PIN.

When cloning cards, fraudsters install devices in ATMs that scan people’s debit cards. These cloned cards are then used for online transactions or to withdraw cash.

How do you protect yourself from offline fraud?

Always enter the ATM booth alone. Be careful that nobody should shoulder you. You can never tell if the person surfing on the shoulder is a scam or not. When entering your debit card PIN at a point of sale machine or ATM, be sure to cover the number pad with your other hand. Always look carefully at the card slots in the ATM. Make sure there are no protruding parts, fragments, cracks, or glue-like substances around the slot.

Necessary precautions:

Always use sturdy passwords that are not a multi-factor authentication word and make it long. The password should contain uppercase letters, lowercase letters, numbers and special characters. Be sure to practice clicking safely and be careful when clicking attachments, links, and emails. Always check the URLs of websites. If you use a personal laptop for office work, create a separate user account. Also, keep your systems and software up to date

Make sure to change the default settings and passwords of your home WiFi to reduce the potential impact on your work of an attack from other connected devices. When someone calls and asks for confidential information, say no. Call the number on the back of your card or on the checkbook.