Siphoning of Money by Cyber Criminals

Gopabandhu Mohapatra

Bank account holders in the country are probably witnessing the best of the times when it comes to making banking transactions. With cutting-edge technology, operating bank accounts, doing fund transfers have become easier than before. However, with ease of operations, the safety and security of bank accounts also needs to be taken care of. While banks, on their part, keep tightening the security measures, it is up to the individual bank account holder or the e-wallet user to maintain the security of one’s account.

Scores of reports in the recent past have shown that fraudsters are taking help of various routes to dupe people of their hard-earned money. Online frauds are increasing along with the growing popularity of online banking. The fraudsters are inventing new ways to cheat unsuspecting people.

The data for FY20 till December 2019, shows more than 52,006 cases of fraudulent usage of debit cards, credit cards and internet banking were reported. The amount involved in these fraudulent transactions is estimated as Rs 228.44 crore. In FY 2018-19, more such cases of 52,304, were reported and the amount relating to fraudulent usage was at Rs 149.42 crore. India stands third in the world among the top 20 countries that are victims of internet crimes.

Siphoning of money by making phone calls is a technique that is commonly used by cybercriminals. The unsuspecting users often commit the mistake of revealing sensitive banking information over the phone call as the cybercriminal poses himself as a bank official. The information is then used to quickly withdraw money without the user having enough time to realize his mistake. However, all banks have been regularly warning customers against sharing confidential information with anyone.

Sometimes, a person may get a call from someone claiming to be a senior officer from the bank and asks for details like Card Number, expiry date, CVV and password etc as part of due diligence, failing which the card would be deactivated within five minutes. Unwittingly, the information is shared and the entire amount from the bank account is withdrawn. Seeking help from cyber cell or the police will not yield results and the banks too, take the stand that since card was in the user’s possession, he is responsible for the transaction. Sometimes, the victims also unknowingly end up helping the fraudsters, by storing their passwords in mobile phones and computers.

Occasionally, we also hand over the card to the attendant at a restaurant or a shop with our CVV number and thereby we are putting our card security at risk. Many users tend to store their PIN in their mobile phones or maintain passwords that are easy to crack like birthdays, mother’s name and so on, making the task easier for fraudsters.

Please note that the bank (card provider) or tax authorities never ask you to reveal details over the phone or click a link on a mail. No Bank will ever ask for any personal credentials/ information over Phone / SMS / e-mails. If you receive a call / e-mail requesting Internet Banking security details like PIN, password or account number, please Do Not Respond. Beware of anyone asking you for such information on behalf of the bank through e-mails or phone calls. Never disclose your passwords to anyone, even to the bank’s staff. Never call/ respond to unverified phone numbers claiming to be from the Customer Support Service.

Please avoid accessing your Internet Banking account from a cyber cafe. Change your Internet Banking password regularly and never disclose it to anyone. The password should be complex and difficult for others to guess. Use strong password (Combination of alphabets, numbers and special characters) that is easy to remember but difficult to guess. Use different passwords for different accounts and change them periodically. Do not write them down. Always remember to Log off on Internet Banking and close your browser when you have finished your online banking session.

To counter various online and card-related frauds, RBI and other banks have taken measures, to issue new cards using the chip based with PIN technology. Banks have also implemented additional security form factors like One Time Password (OTP) to authenticate the transactions. Please do not share OTP. Bank uses a combination of Secure Socket Layer (SSL) protocol, password and two factor authentication among others to protect your information. However the onus is on the user to protect their account and their money from being falling onto the wrong hands.

Do not post sensitive or confidential details like date of birth, PAN, Bank Account details etc. over social media. Never call/respond to contacts available in Google, Facebook etc. For any grievances like loss of Cards/PIN etc. contact bank’s toll free number. Register your mobile for SMS alerts and check the accounts periodically for any suspect / odd transactions.

Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. These adverts will normally state that they are an overseas company seeking “representatives” or “agents” to act on their behalf for a period of time.

The Reserve Bank of India has advised the general public not to fall prey to fictitious offers for release of cheap funds, claimed to have been remitted by overseas entities to banks in India / Reserve Bank of India. The Reserve Bank of India has further clarified that it does not maintain any account in the name of individuals/companies / trusts in India to hold funds for disbursal.

While it is the endeavor to provide with the best of online services and facilities, no Bank will be responsible for any erroneous transactions made by you. The Bank shall also not be responsible for misuse of your account arising from any wrong, inadvertent or other kind of disclosure of such details by you.

“Phishing is a technique employed by scamsters to illegally procure personal information like account numbers, Internet banking user ids and passwords, etc. The most frequently used method is to send a spam email to a large database of email ids say, all Gmail IDs or all yahoo IDs. The spam email is designed in such a way as to look exactly like an email sent by the target company/bank.

The phishing email simply asks the recipient to click on a link and enter their user id and password. Different techniques are also used to lure the recipient to click on the link: validation of account information, the threat of account suspension, etc. If you look carefully, the link will not lead you to the desired websites. The Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY) alerts against phishing campaigns in the name of Govt. of India.

There is a portal (https://cybercrime.gov.in/) as an initiative of Government of India to facilitate victims/complainants to report cybercrime complaints online. This portal caters to complaints with a special focus on cybercrimes.

(Author is a former banker. Views expressed are personal)