Me for my security

Hello everyone, this is my honest attempt to make you all aware of financial cybercrimes. As we all know, since lockdown, all of us have started using different digital platforms for transactions. The government also encourages digital transactions. Digital transactions like ATM, UPI, Paytm, etc., are seamless and easy to use. We all like doing all these transactions but do we know what care we must take while doing all these transactions? What precautions must we take while using all these third-party apps?

Let us take a look into it through our 4 module series. We hope you understand it and share it to save your loved ones from getting defrauded.

Table of Content

• Incidents of frauds-1
• Incidents of frauds-2
• How frauds can be prevented: Practical Approach
• How frauds can be prevented: Technical Approach

Incidents of frauds-1

One fine day, Pinky was surfing on the internet. She found awesome dresses at reasonable prices on xyz.com. Like every other girl, Pinky purchased the one she liked the most. She was happily waiting for the parcel to be delivered.

Finally, it was delivered. But, wait, what? It wasn’t a dress she desired for. She searched for customer care numbers immediately on the internet and called. A person over the phone offered an Immediate refund to Pinky. She was happy again. Now, customer care asked her for a few banking credentials. Pinky, who was already excited to get money back, was ready to tell everything.

He asked her to share one encrypted link to some number and the last six digits of ATM CARD. After some time, he asked her for one OTP. She shared that too. He told as a part of verification Re. 1 will be debited from her account. Pinky was okay. Just one rupee. Day passed.

The next morning, Pinky checked her account, but before that, she received debit messages from her account for Rs. 60000. She got worried and went to the bank. Bank told her the account was debited because of UPI Application and this is not a case of hacking but this is because of her negligence while handling her account.

Mr. Ashok is a very well learned personality. One day, his wife told him that their car became too old. So, they must sell it and buy a new one. Mr. Ashok agreed but considering Corona’s pandemic situation, he thought of selling it through online deals rather than offline to reduce contacts.

So, he searched for an online second-hand car dealer. He called the number he searched from google. Dealer got the nerves of Mr. Ashok. He gave Mr. Ashok the price he desired for.

Here, like Pinky, Mr. Ashok, too, was happy. The dealer said he would pay first and then take the car. He asked Mr. Ashok to scan the QR codes he will be sending, and by scanning those, Mr. Ashok will receive money. He told him to use *ABC APP, which Mr. Ashok was already using but was unaware of such an extraordinary facility to scan QR to credit the account.

Mr. Ashok scanned it for the first and authenticated transaction using his MPIN; his account was debited by Rs. 10000, instead of credit. The dealer said it was a mistake; he will send a revised QR with 10000 extra credit, but again what, his account was debited. This continued, and Mr. Ashok lost 50000 altogether and realized he was getting duped. He, too, visited a bank. Bank told him QR scanning debits the account of the customer and never gives the credit. Again, the case of customer negligence.

So, people Mr. Ashok and Pinky lost their money due to negligence, and we don’t want you to be one of them.

In the next module, we will discuss two other modes of theft.

Incidents of frauds-2

Earlier, we discussed two stories. Now we will discuss two more stories.

One fine day Mr. Ramesh received a message.

“Emergency Situation? Need Cash? Get a loan of up to Rs. 50,000 instantly. No Paperwork needed. Quick approval process. Try Now: www.xyz.com/buiy”.

Mr. Ramesh clicked on the link, and he found himself on Play Store to download the “XYZ” app. Mr. Ramesh downloaded it. The app was not from any reputed bank or any reputable loan agency. Still, Mr. Ramesh goes to the app. Shared his credentials. The application took access to all his contacts.

Mr. Ramesh took Rs.5000 from this app, but suddenly all his contacts were bombarded with messages that “Mr. Ramesh had shared you as a trusted person and he defaulted on our payment. Please pay Rs.10000 immediately or face action”.

Now, what wrong did Mr. Ramesh do? Clicking on an unknown link, downloading untrusted apps and allowing and sharing all his detailed information including contacts. He was not only defrauded but also lost his reputation in contacts.

Similarly, one day Ms. Smita received a call from an unknown person. That person said, “there is an offer for you; please click on the link and get the best deal.”

Ms. Smita immediately clicked the link and found herself downloading some app. Fraudster asked her IP mentioned on her screen. She shared the same. Now, this provided access to her phone to that unknown caller.

She wasn’t aware of it. The caller asked her to open her “MNO” banking app. She logged in to her banking app with username and password.

The fraudster cloned her credentials and used them on another machine. Banks had OTP security for those applications while transferring money.

Now, fraudsters attempted transactions and could easily read OTP from Ms. Smita’s device. The fraudster managed to steal almost Rs.500000 from her account.

She visited the bank, but the bank clarified that sharing crucial information was necessary for these transactions, and she is not eligible for any refund.

So, these are incidences I came across from people telling around me. In the next module, we will discuss some practical measures to prevent ourselves from fraud.

How frauds can be prevented: Practical Approach

We have seen our parents, grandparents securing bank Chequebook, passbooks, and Deposit receipts in safe and confidential places in our daily lives.

Many times they make sure no critical document is left visible in general to anyone.

Why must this be the case? Because they want to protect it from others.

It is similar in the case of our digital transactions. We must secure ourselves.

I’ll give you a practical checklist to safeguard yourself from being defrauded and vigilant while doing these transactions.

1. Never share your account details on call. Even if it is bank officials calling. The bank never asks you for details on call; they will ask you to visit the branch.
2. Never attempt to click on unknown links. If you are not sure about it, never click it.
3. Never download unknown apps from the Google Play Store on demand of strange people. Bank will never ask you to do anything on call.
4. Don’t share crucial details such as ATM card number, mobile number, OTP received on mobile, or UPI/ATM pin on call to an unknown person.
5. Never rely on third-party apps except for trustworthy apps your bank is providing.
6. Never get fooled by instant credit messages, calls. Always visit your bank first to avail credit.
7. Sometimes, your closed ones may also share a link to some app. Make sure you don’t click on it before verification. Many times fraudsters use the social networking accounts of your close ones to fool you.
8. Be alert be vigilant while attempting digital transactions.
9. In events of any unauthorized debits to your account, rush to your bank. Take immediate action on such debits to prevent further loss to the account. It is your money, and that’s why being alert is your responsibility too.

While sharing all these, I’m not attempting to discourage you from using digital payment modes. All I’m trying to convey is to be responsible and alert while using these channels.

In the next module, I’ll be discussing a few technical preventive measures.

How frauds can be prevented: Technical Approach

Till now, we have seen how fraudsters approach us and how practically we can prevent ourselves from fraud. Now, we should learn about some technical aspects so that these frauds can be prevented.

A practical approach is necessary for prevention, but a technical approach is required to safeguard ourselves from financial frauds and maintain the privacy of our devices, such as our images, mails, and other things.

So, let us look into it.

1. Always use a password on your mobile. It will help you to keep your data safe if someone tries to steal your phone. Don’t let other people use your mobile phone unless you trust them.
2. Never use public WiFi. Many times public WiFi is not secure. Connecting your phone to this network means someone might be able to monitor your online activities.
3. Never share any sensitive information (card details, card photos, etc.) using a social media platform. Most of them have backup facilities, and your data can be stored longer. Many times people share their details on social sites while commenting. If an account gets compromised, it can also compromise your data.
4. Avoid Using phones in the CCTV area while making a UPI payment or any other payment; make sure your screen is not exposed to any CCTV camera in the store.
5. As I said earlier, never install apps from an unknown source. All android phones come with security settings that prevent you from installing apps from unknown sources. But some people intentionally disable that setting to enjoy crack versions of their favorite premium apps or games. Make sure you have this security option enabled on your phone.
6. We should not believe crack apps; they can come with integrated Malwares that can silently share your mobile activity with hackers. Always use genuine apps.
7. Keep your phone and all apps up to date. Mobile companies roll security patches every month to avoid a security breach.
8. Before you install any app or game on your phone, check what permissions it’s asking you. If you found any suspicious permission, terminate the install process. (Ex. Photo editing app should not ask permission to access your phone contacts.)
9. Never buy a second-hand phone unless you know the seller is an owner and has a valid purchase receipt.
10. Make sure you enable kids mode before you give your phone to your kids for enjoying games. I have seen kids activate regular payments through UPI or any other mode for games from their parent’s devices, where parents are not even aware of it.
11. It is good practice to restart your phone or enable lockdown mode before you go to bed. Doing this will help you prevent the misuse of your thumb while you are sleeping.
12. Check on your sim network. If it stopped working suddenly, attempt to check what happened. SIM cloning is a major area where fraud can occur.

Folks, this series is not an exhaustive list of prevention you must take. There are many others also. I will update the same as and when I come across any. Till then, I’ll request you all to safeguard yourself from all cyber crimes and make sure you spread my words to your loved ones to safeguard them as well.

Share your experiences of such incidents, if any, with me.