Reported By:
| Edited By: Yogini Joglekar |Source: DNA |Updated: Mar 18, 2018, 03:06 AM IST
Today, with technological know-how growing leaps and bounds, almost everything is just a click away on the internet, be it paying bills, booking tickets, buying insurance, net banking or filing income tax returns.
However, the internet does have its perils and we should know and learn to tackle online identity theft scams.
Phishing scams: Phishing scammers send fraudulent emails disguised as an official email request from a bank to gain private and sensitive information. Recipients are lured into believing the mail and they click on a link that leads them to a fake website that looks similar to the bank’s actual website. This way, the fraudsters capture confidential details such as customer ID, IPIN, credit/debit card numbers, card expiry date and CVV number.
Customer’s email address is obtained by the fraudster through untrustworthy sites where the customer would have revealed his email address or shared it in chat rooms, blogs or mailing lists.
On its website, HDFC Bank suggests that when customers realise they have been victims of a phishing scam, they should immediately access their netbanking account and change the IPIN and verify recent transactions in the account. If no fraudulent transactions are observed, then they must forward the phishing email to the bank for future reference.
Vishing: This is a combination of voice and phishing. The fraudster sets up an automatic dialer and when the phone is answered, a pre-recorded message is played that tells the customer that his/her credit card has had illegal activity and the customer should call the recorded phone number immediately.
When the customer calls the number, it is answered by a computer-generated voice that instructs the customer to enter his/her 16-digit credit card number. Once the customer begins to follow instructions, the customer falls prey by giving his personal details like date of birth, passport number and mother’s maiden number. Hence, in case of any suspicion, the customer should disconnect the call and immediately report it to the bank.
An ICICI Bank spokesperson warns, “Do not leave any personal or account details on any telephone system that you are directed to. When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify whether the given number actually belongs to the bank. We generate awareness amidst our customers through our communication on the website, advertisements, mailers and statements.”
Zeus: Zeus is a Trogan that infects the end users machine. Today, its one of the most common Trojan impacting bank customers. The Trojan gets downloaded on the user’s machine and when the he clicks on a link, an attachment opens from an unknown website. The Trojan gets installed and if the person starts his net banking activities, the Trojan captures the customer’s confidential details, which leads to fraudulent activities. Therefore, it is the responsibility of the end user to ensure that his anti-virus is updated and his machine is not infected.
Use a virtual keypad: While carrying out net banking activities through public computers, there are chances that your user id and password may be hacked through a spyware or Trojan that may be installed purposely in certain computers to leak personal details. “When you use the keyboard and enter your password, hackers may be able to capture your password via advanced key loggers (Hidden malicious software that capture key strokes). Usage of virtual keypad provides you a better protection of your passwords against key loggers, as the password is entered using the mouse and as the keyboard layout on the virtual keypad is random,” says CVG Prasad, CIO, ING Vysya Bank.
“Cyber cafes should be strictly avoided for online transactions because the connectivity and systems of an internet cafe are not secure and chances of viruses capturing data from terminals in internet cafes are higher. The counterfeit software installed at cyber cafes might inject key loggers, spywares, which collect all the login credentials with keystroke entries and search for password related files and send them to the fraudsters who can misuse the information and cause huge damages,” says Shalini Mehta, executive vice president, Kotak Mahindra Bank.
Pirated softwares: Sometimes they comprise malwares and some sort of an automated virus initiated while copying content. There are no security upgrades available, hence it leads to the software being vulnerable and prone to be exploited by the present Trojans. This also leads to computers behaving erratic, since the softwares are injected with virus.
