With the migration to a digital economy, digital payments are on the rise. Fraudsters have continued to keep up with changing times. They too have learnt the tricks of the new trade and have come up with innovative ways to hoodwink unsuspecting general public to defraud. It attempts to put together some of the popular modus operandi prevalent in the digital (part 1) as well as the brick and mortar (part 2) space alongwith the Do’s and Don'ts.
Digital Space
In the digital space, fraudsters have adapted new techniques to deceive individuals and commit fraud, by leveraging human psychology. They exploit emotions such as fear, greed & need to manipulate unsuspecting victims into compromising their sensitive information. Understanding these tactics is essential for safeguarding against fraud in today's convenience economy (aka digital economy).
Fear: Fraudsters use fear-inducing scenarios such as threats of electricity disconnection, blockage of bank accounts for non-compliance with KYC requirements, insurance policy renewal, contrived interception of courier packages allegedly containing illegal items (also known as FedEx phishing) to make you part with sensitive information or money.
Greed: They entice victims with promises of monetary gain. A frequently used hook is to lure the unsuspecting victim to transfer funds with a promise of better returns or a great deal. E.g spurious e-commerce websites mushroom overnight to offer stupendous deals in the form of discounts or cash back on branded items being offered without Cash On Delivery (COD) but only against pay first, delivery later. Another popular method involves lottery winnings e.g you getting selected as beneficiary in a “lucky draw”.
Need: Fraudsters exploit people's need for income through schemes like fake jobs, pay for likes, become movie critic etc to enrol and share bank details. A common trick on the house rentals is through tracking postings on platforms like Magic Bricks, NoBroker etc. and posing as military personnel on transfer seeking house on rental. The fraudsters request you to initiate digital payment to enable them to get your UPI handle for “transferring” initial deposit. Subsequently, instead of sending a payment they send a request for funds which if accepted leads to debit to your account instead of a credit. Similar modus operandi is used by way of requesting QR code scans for money transfers in cases of sale of goods on resale platforms like OLX etc.
Do's to Protect Yourself:
Register your email and mobile number with your bank to receive instant alerts.
Opt for chip-enabled cards and set transaction limits for online, ATM, international, and NFC transactions.
Verify message headers for authenticity- Check URLs and domain names received in emails for spelling errors, especially wrt re-KYC, account blockage, or disconnection of services. In case of suspicion, notify local police/cybercrime branch immediately.
Request official meetings or written communication when someone purports to be calling on behalf of law enforcement agencies or insurance companies.
Evaluate deep discount deals sceptically, ensure to conduct background checks by simply asking around before engaging in deals and avoid prepayment-only transactions.
Adopt Good Practices:
Beneficiary authentication: Use beneficiary authentication features provided by banks for high-value digital transactions such as down payments or high value investments etc
Prefer Add Beneficiary route: For payments to payees not enrolled on your digital platform, prefer add beneficiary option since it has a mandatory cooling period over quick pay options.
Share UPI handle: UPI handle obviates the need to expose bank account details for receiving payments.
If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank/e-wallet immediately.
Passwords or PIN: Set strong passwords or PINs with a minimum of eight characters, including a combination of uppercase letters, lowercase letters, and special characters. Regularly change them, and immediately block lost or misplaced cards.
Install antivirus software on desktop/laptop devices to protect against malware attacks.
Don'ts to safeguard against:
Avoid using public, open, and free networks for banking transactions.
Refrain from downloading unknown/screen-sharing app on your phone/device. The app may access and share your confidential data secretly.
Never share PINs, login credentials, or passwords with anyone.
Avoid sharing bank account details for receiving rewards/lottery winnings.
Receiving money does not require scanning of QR codes or entering MPIN
Never respond to messages offering/promising prize money, Government aid. These may defraud your phone/device.
Do not scan QR codes to receive payments.
In Case of Becoming a Victim, Act Immediately
Formally inform your bank immediately through customer care, if you experience fraudulent transactions. As per RBI guidelines, if the loss is due to an error on your part, your liability is limited until you report the activity. If you haven't shared payment details and report within three days, you won't bear any loss. The bank is obligated to refund the lost amount if the fraud is confirmed. Additionally, report cybercrime to the National Cyber Crime Reporting Portal or file a complaint with the police. Online complaints can be filed through cybercrime.gov.in. Jankar Baniye, stay proactive in safeguarding against fraud and securing your personal information. See you soon in the part 2 of the article in this Jankar Baniye series.
(Salil Datar is a senior banking and finance professional and has more than three decades of experience in banking, neobanking and cross border financial services)