A Guide to Financial Cyber Frauds and Why they Happen?

Cyber Frauds


Can you read this?

“It wsa a well-knwon peracher woh wsa fuond daed in a fisrt-calss rialway carraige with a thrid-calss tikcet in his pokcet.”

You sure can.  This is because of a phenomenon called the transposed letter effect: the human mind reads the whole word and not the full spelling of the word.  The mind also anticipates the next word in a sentence based on the earlier word. So what has this to do with financial fraud?

There have been instances where banks have wrongly remitted money to people for whom it was not meant, based on e-mail instructions purportedly received from their constituents.  The first e-mail received by the bank mentions the amount and the account to which it should be remitted.  Thereafter, another e-mail comes requesting a change of the account.  Acting on the second e-mail, the bank remits money to the second account name.  Subsequently, it is discovered that the second e-mail came from a similar e-mail id but with a slight transposition of two letters.  While it is okay for us to read jumbled text, it is always better to check letter strings such as e-mail ids, website addresses, etc. character by character before acting on them.
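The check described above can be automated. The following is an added example, not part of the original article: it compares each sender against the addresses on file and flags any that differ by a swap of two adjacent letters or a similarly small edit. The addresses, message texts, function names and the distance threshold of 2 are all constructed for illustration.

```python
from __future__ import annotations

# Constructed sample data: the customer's address on file and two incoming mails.
KNOWN_SENDERS = {"accounts@examplecorp.test"}
INBOX = [
    ("accounts@examplecorp.test", "Please remit the amount to account A"),
    ("accounts@exampelcorp.test", "Change of account: remit to account B"),
]


def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters costs 1, like any single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "le" received where "el" is on file.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_sender(sender: str, known: set[str], max_distance: int = 2) -> tuple[str, str | None]:
    """Return ('trusted', addr), ('lookalike', nearest known addr) or ('unknown', None)."""
    sender = sender.strip().lower()
    known = {k.lower() for k in known}
    if sender in known:
        return ("trusted", sender)
    nearest = min(known, key=lambda k: osa_distance(sender, k), default=None)
    if nearest is not None and osa_distance(sender, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def flag_senders(inbox, known):
    """List the mails whose sender is not an exact match for an address on file."""
    flagged = []
    for sender, _subject in inbox:
        verdict, nearest = classify_sender(sender, known)
        if verdict != "trusted":
            flagged.append((sender, verdict, nearest))
    return flagged


if __name__ == "__main__":
    for row in flag_senders(INBOX, KNOWN_SENDERS):
        print(row)
```

A plain character-by-character edit distance would score the swap in "peracher" (from the jumbled quote) as two changes; counting a transposition as one edit keeps the threshold tight enough to catch lookalikes without flagging unrelated addresses.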

How/why do financial frauds happen?

The quote jumbled above is from an essay by AG Gardiner called ‘Umbrella Morals’. The author found that the umbrella he had kept in the umbrella stand was missing; instead, there was another, shabby umbrella in its place.  He suggests that exchanging umbrellas, like not returning borrowed books, is usually done by perfectly honest people.  As with the preacher, his justification for his travel in a first-class carriage would be that he is not hurting any individual but only a faceless organisation – the railways.  This is the essence of financial cybercrime.  There is no face-to-face meeting with the victim, unlike in the case of pick-pocketing or mugging.

There is another angle to these episodes.

You may, in a moment of weakness, allow yourself to be duped.  There was this gentleman whose job was to monitor his company’s e-mail messages.  Every morning he would look up the messages received and forward them to the dealing officials.  One morning he found a message asking for details of the debit card including the CVV.  This was not his personal e-mail id but the company’s. Yet, he gave away the details of his personal card and realised his slip only when he received an SMS saying that Rs.14,000/- was debited from his account. This is a true incident.  It is due to such incidents that two-factor authentication in the form of an OTP was introduced.  Innocent people have become victims of such frauds and have lost money, requiring authorities to come up with measures to protect us from ourselves.

Very recently, a gentleman received a message through Messenger from a Facebook friend asking “is this you in the video?” followed by a link.  Fortunately for him, his laptop had an application, uBlock Origin, which cautioned him against opening the link. It is possible that if he had been able to open the link, somebody would have installed malware to gather information from his device.

Different ways perpetrators use to commit frauds

Several well-meaning people and organisations have analysed various frauds committed and identified some common ways used to dupe you and me.

  • The most common one is the Lottery Fraud where SMS messages are sent to random people telling them that they have won a lottery. On responding to the message and sending them details of your bank account to receive the money, they seek payment of administrative charges, etc. and con you out of your money.
  • Similar to the above is a technique called Phishing. Phishing is a method by which fraudsters create a website mimicking an original one such as that of a bank or a company.  If it is a bank website, information on your credentials will be sought and used to withdraw money from your account.  Fraudulently created company websites are used to advertise vacancies and collect fees for processing applications, etc.  Fake job search portals are also created, through which you apply for a job online.  Subsequently, a person claiming to be from a reputed company interviews you, offers you a job and seeks money for training, etc.
  • Another way is through Vishing calls, where people call you pretending to be from your bank or your credit card company with the intention of persuading you to part with sensitive information.
  • If you use a charging station in an airport or other public place, the charging port could be used to steal data from your mobile or laptop. This is called Juice Jacking.  Data theft can also happen if you use free Wi-Fi in public places.  Not only can your data be stolen, but malware apps can also be installed on your device to gain remote access to it.
  • Through social media platforms such as Facebook, Instagram, etc., fraudsters hijack accounts and seek money from you by impersonating your friend.
  • It is common for us to search for customer care telephone numbers through search engines. Perpetrators of frauds introduce their own numbers along with fake websites and lure you to part with information to defraud you.
  • In a SIM swap, you get a phone call from what you presume to be your telecom service provider, and the caller seeks details of your SIM card, promising you an upgrade, etc. This information is used by them to disable your SIM and duplicate it to their mobile devices.  They then put through financial transactions using already obtained data about your bank accounts and the OTP received on their device, and clean out your account.
  • Online Selling Platforms are created by fraudsters and, when you try to buy an item from the site, they persuade you to use a ‘pull money’ option by which, instead of you getting paid, you end up paying them.
  • ATM Card Skimming involves a situation in which a device is attached to the ATM by which your card details are collected and cloned into another card. Simultaneously, a small camera is also deployed to read your PIN.  With these, money is withdrawn from your account.

Precautions to be taken to avoid becoming a victim

Personal: They say sharing is caring, but not in the case of passwords, OTPs, ATM PINs or CVVs.

These are secret identifiers – share these with the wrong set of people and you will end up sharing your hard-earned money.

It is also a good idea to use the virtual keyboard when entering passwords on websites.

Having different IDs and passwords for different accounts makes things safer.  You also need to change passwords frequently for all your accounts.  A strong password is one that contains a combination of letters, both capitals and lower case, and numbers/special characters.

Bank account: It is always better to enter the URL of your bank or any financial website directly instead of using a link from a search engine or one received from a website.  Ensure that the address starts with https: and the status bar of your browser has a lock icon (the ‘s’ stands for secure).  Remember to invariably log off from your bank’s site and erase the browser history. Regularly checking your banking transactions will tell you if there is any suspicious entry.  You will need to take up such discrepancies with your bank immediately – keep your bank’s customer care numbers handy for this. Needless to say, it is dangerous to undertake financial transactions while using shared public Wi-Fi or on shared computer networks.

ATM: At the ATM, please ensure that you are alone in the kiosk.  After you receive the money, ensure that the screen shows ‘transaction completed’ before you leave the ATM. Registering your phone number with your bank and subscribing for alerts will help get confirmation of the amount debited.

Debit/Credit Card: When you receive your new debit or credit card, you need to check that the cover has not been tampered with.  If the cover shows any signs of tearing and repasting, you should take it up with your bank immediately or even return the card. You should also change the PIN given by the bank before you start using the card. Nowadays cards – both debit and credit – can be used for online purchases or international transactions only after you enable them.  These should be enabled only if you are using them regularly.  International card transactions should be enabled only for the period you need to use them. You can set limits on individual transactions not only for cards but also for net banking.

Devices: All devices you use such as laptops, smartphones or desktops should invariably have anti-virus and anti-spyware programmes installed and regularly updated.  Let us avoid downloading unverified apps on to our devices. Auto password-enabled screen locking of your devices would ensure that nobody else can use your device when you leave the device unattended.

Redress in the case of unauthorised transactions in your account

In case you have noticed or come to know of any unauthorised transaction in your bank account, the first port of call is your bank.  Immediately call your bank’s customer care number and report the same.  Please insist on an acknowledgement.  If you notify the bank within three days of the event, your liability will be zero even if it is your fault.  Delays in reporting could increase your liability.  You can get more details on how to limit your losses by giving a missed call to 14440.

The Ministry of Home Affairs, Government of India has also introduced a national helpline 155260 to report cyber frauds.

You can also make online complaints by visiting the links:

RBI: https://cms.rbi.org.in/

Cyber Police Station: https://cybercrime.gov.in/