Daily Roundup: Payment frauds
An epidemic of payment frauds
Increase in payment frauds
Today, along with keeping oneself safe from the coronavirus, one has to be mindful of cybercriminals. These criminals are especially targeting users who are taking the digital route to conduct financial transactions.
Unlike simple email-based scams of the past, purporting to be from princes or oil barons seeking your help to shift their millions, the modern bank scam can be sophisticated, multi-phased and extremely convincing.
The pandemic has exacerbated the issue
With the onset of the pandemic, and largely on account of so many employees working and conducting business from home, there has been an uptick in banking/payment fraud scams.
These usually begin with social-engineering cyber breaches, such as phishing emails or fraudulent calls, that allow hackers into a bank- or customer-employee’s email/account.
A record GBP 754 million was stolen in the first six months of this year, up 30% from the same period in 2020, according to data from banking industry body UK Finance, and up more than 60% from 2017, when it began compiling the figures. HSBC, which has operations in the Americas and Asia, has hired more than 300 staff in a year to support its anti-fraud operations in its home market and increased annual spending by 40% to deal with an “exponential” number of customers affected.
The country's super-fast payments infrastructure, relatively light policing of fraud-related crime, plus its use of the world's most widely spoken language - English, also made it an ideal global test bed for scams, the banks and specialists added.
Since the pandemic, fraud attempts have as much as tripled; with a wide variety of new scams emerging to prey on the unsuspecting. Phishing attacks have increased over 667%, and much of the fraud perpetrated in the past year has been related to stimulus packages, unemployment payments, scammers texting or emailing (with the promise of receiving) a payment sooner.
Elderly customers, who are more likely to suffer in the face of this pandemic, and are typically more isolated from other people, are being targeted by cyber criminals.
Americans lost over USD 211 million to COVID-19 scams and stimulus payment fraud, according to the Federal Trade Commission. Since January, the agency has received over 275,600 complaints.
Digital security concerns have assumed a greater importance amid the government's efforts to steer India towards a less-cash, digital economy.
Digital payment frauds are almost half of all the bank frauds committed in India. Such a large number may affect the trust of the consumers.
Hackers might be fraudulently accessing your e-wallets, mobile banking app and UPI. The Reserve Bank of India (RBI) has warned banks of a digital banking fraud that could wipe out a customer’s bank balance by using the Unified Payment Interface (UPI) route. The cybersecurity and IT examination cell of the central bank said that a mobile application called ‘AnyDesk’ was allegedly being used by fraudsters to access data on mobile devices.
UPI and its repercussions
According to a Business Standard report, digital payments saw a spike after demonetization. With the pandemic having pushed more people to lean further towards contactless payments, a lack of awareness and vulnerabilities in confidential card details are increasing digital frauds.
In India, across industries, TransUnion found that the highest share of suspected digital fraudulent transactions originated from Mumbai, Delhi and Chennai. 41% of digital frauds in India occurred in the eastern region as per a report by TrustCheckr. The top frauds take place in KYC, fake cash-back, frauds through digital wallets, fake-selling, QR codes, UPI phishing, lottery scams and financial fraud on social media. Fraudsters can also take advantage of the ‘request money’ option on UPI apps.
Some general tips to keep in mind
If you are banking electronically, you must register yourself for SMS/email alerts and immediately inform your bank in case of a fraud.
According to the RBI, you must only use sites with https while banking online, and avoid banking on free networks.
A pin is needed only for transferring amounts, not while receiving. Restrict access to screen-sharing apps and never share your pin, card and OTP details.
Be very cautious in granting third party access to your mobile screens.
Be cautious of counterfeit UPI apps on app stores.
Avoid fake helpline numbers on social media.
Keep changing your passwords/PINs periodically and add special characters to it. Do not use any familiar words/names in the password. One unique trick is to create an acronym of a sentence and use that as your password, as that deems it pretty uncrackable.