Understanding the Various Methods Utilized by Hackers to Illegally Obtain Funds: An Overview of 14 Common Fraudulent Practices
SBI’s Fourth Edition of SBI Hive: A Comprehensive Guide to Protecting Against 14 Common Fraudulent Tactics
With the rise in cyberattacks targeting bank customers, State Bank of India (SBI) has launched the fourth edition of ‘SBI Hive,’ an informative guide designed to empower the public with knowledge to safely navigate the digital realm and conduct secure transactions.
In this latest edition, SBI Hive sheds light on the prevalent types of frauds frequently employed by hackers to deceive individuals, while also providing valuable insights into preventive measures that can be taken to safeguard personal information and finances. By following these precautions, SBI assures its customers of enhanced protection against hackers.
Overview of Common Fraud Types:
SBI Hive highlights 14 specific types of frauds that hackers often employ to gather sensitive information and illicitly acquire funds:
Pending Electricity Bill Scam: Hackers deceive victims through fraudulent calls, claiming pending electricity bill payments and tricking them into sharing OTPs or making token payments, ultimately compromising their accounts.
Order Cancellation Fraud: Hackers posing as delivery personnel target unsuspecting individuals with Cash on Delivery (COD) options. By requesting an OTP for order cancellation, they deceive victims into sharing their OTPs, resulting in automatic debiting of their accounts.
Tax Refund Deception: Hackers use fake messages or emails, appearing to be from the income tax department, to mislead victims. Redirecting them to counterfeit websites, they trick victims into providing bank details and sensitive information, subsequently compromising their accounts.
Lottery Scam: Victims receive fraudulent emails or SMS claiming they have won lottery money or gift cards. Hackers exploit victims by requesting sensitive personal information necessary for the transfer of winnings, leading to financial transactions and subsequent defrauding of the victims.
Fake Social Media Handles: Hackers create social media accounts using deceptive language related to UPI, NPCI, BHIM, or other banking and government entities. By enticing unsuspecting victims to disclose their account details and personal information, hackers exploit this data to carry out unauthorized financial transactions.
Remote Desktop Sharing: Hackers employ various means like SMS, email, or calls to deceive victims into downloading screen-sharing apps under the guise of KYC updates, account or card activation, or other services. By gaining access to victims’ devices through shared passcodes, fraudsters can manipulate UPI or other payment apps to transfer funds or obtain OTPs.
Fake Customer Care Number: This fraud involves sending victims SMS or email notifications, falsely threatening to block their accounts, cards, or Netbanking access due to KYC non-updation. Included in these messages is a link to a fake customer care number, leading victims to unknowingly share sensitive details like OTPs, card numbers, and dates of birth, resulting in compromised accounts.
UPI Frauds: Fraudsters send fake links with a “request money” option, prompting users to enter their UPI PIN or scan a QR code. If the victim proceeds with either action, their account is debited.
Debit/Credit Card Fraud Using Reward Points: Hackers contact cardholders, enticing them with limited-time offers to redeem reward or loyalty points. Victims are then tricked into providing card details and OTPs, allowing hackers to defraud them.
Fake Websites: Hackers create counterfeit websites resembling reputable brands, often with subtle alterations that can easily go unnoticed. These websites’ IP addresses are disguised using various tools and applications. Unsuspecting customers are lured into fraudulent schemes involving the sale of franchises from these fake websites.
Fraud Without OTP via Aadhaar and Fingerprint Breach: By extracting data from land record websites, hackers obtain thumb impressions, Aadhaar information, and other data, which they exploit using IT tools to commit financial fraud.
WhatsApp Movie Download Scam: Hackers send WhatsApp links offering free movie downloads, granting them access to victims’ devices. They subsequently steal bank details and other confidential information for financial misuse or theft.
Fake Voice Calls Requesting Money: Hackers gather videos and contact information from victims’ social media accounts. Employing technologies like SaaS, they create deepfake voice signatures of the victim’s relatives. Victims are then approached with urgent pleas for money transfers to specified accounts or through shared links.
Free Electronic Items Offer: Hackers contact victims via calls or SMS, offering free electronic items. Through this ruse, they extract financial information for further misuse and fraud.
Key Safety Points:
SBI Hive also emphasizes several safety precautions that users should adopt to maintain their security:
Avoid conducting transactions while on a call and refrain from installing apps based on advice from unknown individuals.
Exercise caution when clicking on links or opening email attachments from unknown senders.
Avoid financial transactions when connected to public Wi-Fi networks.
Refrain from responding to unsolicited sales, marketing, or outreach messages.
Do not store bank account numbers or PINs on mobile devices.
Always verify the identity of callers and be wary of those requesting personal or financial details over the phone.
Authenticate e-commerce websites’ legitimacy before engaging in transactions.
Ensure that mobile and UPI PINs are distinct and randomly generated.
Do not contact phone numbers provided in online ads, pop-up windows, or emails.
Enable SMS alerts to receive regular updates on account activity.
Exercise caution when using ATMs or POS machines, covering the keypad while entering PINs.
In the event of fraud, customers should promptly change their passwords, block their cards, and report the incident to their financial institution. Additionally, they should report the incident to cybercrime authorities through cybercrime.gov.in or by calling 1930.
By equipping themselves with knowledge and implementing preventive measures, individuals can significantly reduce their vulnerability to cyber fraud and protect their hard-earned money in the digital age.