In a world driven by technology, the internet has become a staple in our daily lives. Tech Giants across the globe have invested billions of dollars to curate a network of devices that drives you to utilise their ease of usage and access through the power of the internet. This has led to a stark increase in the utilisation of heavy bandwidth and data across the globe, causing people to invest in broadband and fiber connections that offer strong reliable data at cheaper and more affordable costs. But your home Wi-Fi can't accompany you on your next trip out of the house. This results in you craving those sweet unlimited data packs while not shelling out the seemingly hefty prices of your limited mobile data plans. Thus, you give in to your cravings and indulge in a free public Wi-Fi hotspot nearby. But here is why that Wi-Fi toggle might cost you a lot more than you might think.
Public Wi-Fi hotspots can be found in a number of locations, be it your nearby fast-food restaurant or a transport hub like the railway station or the airport. These areas boast the lure of “Free Wi-Fi”, but the cost of scouring your social media on these networks might be your privacy. Public Wi-Fi hotspots are often used as hunting grounds by attackers and hackers who can join the same open Wi-Fi network you are enjoying and steal valuable private data, which can pose problems in the future.
- Man in the middle attacks
One of the most common examples of these attacks is known as a “Man in the Middle attack”. This is essentially a technique in which an attacker eavesdrops on the conversation between your device and the internet server by intercepting the data travelling between the two. The most troubling aspect of these attacks is that they are undetectable to an untrained eye, and can prove deadly to your private login details or even your bank account credentials.
- Malware Distribution attacks
Another major attack that is rampant in these cases is a virus or malware distribution attack, where a hacker can inject a backdoor into your phone or computer’s operating system and trigger it whenever he/she desires, leaving every piece of personal data on your device open to being stolen or misused. This is deadlier than a “man in the middle” attack because once the virus is injected into your device, the hacker can exploit this backdoor even if you are no longer connected to the same public Wi-Fi network, making it easier for the attackers to steal vital information whenever they feel like it.
- Cyber stalking
Attackers can also utilise these free Wi-Fi zones as stalking areas where, by utilising special software and gadgets, they can see in real time each and every website you are accessing from the confines of your personal device. Almost every public hotspot remains unencrypted, and therefore attackers can even check messages or files you have sent while using the Wi-Fi network, and can commit additional crimes like identity theft and bank fraud easily and frequently without even running the risk of being traced or detected.
Analysing these aspects of attacks and exploits that are achievable just through an open Public Wi-Fi hotspot really puts into focus the value of privacy and good decision making in our daily lives. Just by indulging in a few minutes of online shopping or having a chat with a friend to pass some time, you are leaving yourself vulnerable at the mercy of hackers and attackers who won’t think twice before emptying your bank accounts and misusing your login credentials in a matter of seconds. Seems like a very hefty price to pay for a few minutes of free internet.
Tips and Tricks for prevention
Here are some methods through which you can better protect yourself from the atrocities of public Wi-Fi:-
a) If you are signing up for public Wi-Fi access, don't share your personal information and avoid accessing websites where you are required to enter any log-in or financial information such as your internet banking accounts or transactions on e-commerce sites.
b) Restrict hackers from accessing your files stored on your personal device through the open Wi-Fi network. You can do that by going to Network and Sharing Center on your PC, then Change advanced sharing settings and then Turn off file and printer sharing.
c) Using a VPN is one of the most effective tricks to secure yourself from a potential data leak as it encrypts the data accessed by your device and makes it harder for people on the network to track your activities.
d) Turn off “Auto-connect to WiFi networks” on your device to prevent it from automatically connecting to a nearby unsecured public WiFi hotspot.
e) Only visit credible sites using HTTPS (indicated by a lock sign in the address bar) as these are secure sites that use an added encryption to ensure that your data doesn't fall into the wrong hands.
You already know that virtual is the new life. Be it news, entertainment or, oh, shopping, everything has shifted online. It has become almost impossible not to have our personal information, like email, name and mobile number, exposed to the online world.
Every e-commerce company these days has your card details. Wonder what the effects are once the databases are compromised? Well, let’s not forget the data breaches that constantly take place in e-commerce companies.
Cyber-attacks and their impact on business are very much in the limelight right now, and data breaches have been around for quite some time. A lot ends up within the reach of fraudsters, such as your email, card details, mobile number and addresses.
Let’s look at some of the massive data breaches that took place.
- In April 2021, Facebook data leak of 533 million users
- In April 2021, breach of 500 mn LinkedIn users
- In February 2019, account details of 422 mn SBI customers compromised
The fraudsters are definitely not going to wait now that they have the information they need to move ahead.
Let’s talk of the after effects.
If a business undergoes a cyberattack, there are two risks that come in parallel: the cost of handling it and the reputational damage.
Going back to a study done by Accenture and the Ponemon Institute in 2018, the average cost of a malware attack on a company is over $2.5 million and it takes more than 50 days to recover from the attack.
Speaking of recovery, it is pretty normal for businesses to opt for cyber insurance that will absorb their losses and help them recover. The rising number of cyber threats explains the need for cyber insurance companies in India.
Not just businesses, do you think an individual is safe? Are you safe?
Now that every tiny personal detail is out in the air, it is only a matter of time before a fraudster trades places with you.
Wondering what to do, or how to protect yourself from financial losses due to cyber crimes? As we said, we have an answer: cyber insurance.
Just like businesses, individuals can also opt for cyber insurance plans. Most of the insurance companies in India offer retail cyber insurance plans.
This is a new concept in India and you might be wondering, is there a need for Cyber Insurance? Or is it just a western fad trying to make its way to blend in?
We have answers and we don’t want to keep all the knowledge to ourselves, so we are going to discuss everything about cyber insurance. So, you know what to do, right?
Cyber Insurance in India – What is it?
Retail cyber insurance, as the name says, is an insurance policy designed to ensure the financial safety of individuals against digital frauds carried out through phishing, malware or SIM-jacking.
Annual premium varies depending on the protection cover you are taking. Premium is not subject to the age of policy holder as it is in the case of life or health insurance.
Some plans not only cover monetary losses but also provide cover against legal defence cost. They also cover third party loss as cyber data breach of an individual may lead to monetary loss of others too.
Wondering how cyber insurance will help?
For starters, if you have the policy, it will provide potential coverage for the attack and will help you recover from it, in ways big or small.
However, one thing that you must know about Cyber Insurance is its objectives and the protection it will offer. The best practice is to understand the coverage before signing up for the scheme.
The global cyber insurance industry was valued at $7.8 billion in 2020 and is growing swiftly at a 21% CAGR, extending its reach to $13.9 billion in 2023 and $20.4 billion in 2025.
You can clearly see the growth rate of this industry compared to other insurance products/options.
Let’s address the elephant in the room as well when we mention “cyber threats” and “cyber attacks”. It is important that people understand how cyber insurance is a boon both to their business and to them.
Cyber Insurance – Why Do You Need It Though?
Before you get any ideas, ladies and gentlemen, cyber insurance isn’t some silver bullet that takes care of your cybersecurity issues. No, no.
But having an insurance plan rather than not having one is a good idea, especially when your hard-earned money is at stake. It is like having a safety net that safeguards you in case you suffer a loss through cyber threats.
The pandemic has certainly taken a toll on online payments. With more and more individuals moving to digital means for processing payments, cyber threats have made their way in.
With more individuals turning to social media for their entertainment, there is also an increase in incidents like cyber-attacks, spyware, phishing emails, and so on.
According to a survey of Indian consumers by FIS in April 2021, 34% of participants reported financial fraud over the past 12 months. This figure rises to 41% for those in the age group of 25-29 years.
You probably could be the next victim of a cyber threat. You never know, do you? Better safe than sorry!
This is where cyber insurance comes in.
Regular Cyber Insurance Plans in India Vs FinLock
Let’s look at the comparison for both the options.
The above comparison pretty much gives you an insight into regular cyber insurance vs FinLock.
Regular cyber insurance is a great way to recover your losses when you have been struck by a fraud. FinLock has so much to offer in addition to its comprehensive protection.
FinLock detects various types of fraudulent attempts on your smartphone and alerts you in real-time, thus preventing frauds from happening.
In case fraud does happen, complete post fraud support is provided. Post fraud moments are very traumatic for a victim as they need support and guidance on what to do next. FinLock has been designed for the best customer experience.
Cyber insurance, as mentioned earlier, is a safety net, and having a safety net always adds to a sense of relief, doesn’t it?
Alternatively, to protect yourself from cyber-attacks, you can easily top it off with a layer of preventive measures and keep yourself safe anyway.
All of it sounds good, no? Why not start practising it in real life too?
One of the most transformative changes in the world of global finance is the emergence of digital banking on smartphones in recent years. This has truly revolutionised the way people utilise their banking services, with almost every major financial service now being hosted on a dedicated mobile application or platform.
But these ease-of-access changes that are slowly taking over the financial world don't come without their vulnerabilities. Multiple cyber frauds utilise the minuscule cracks in the newly formed online banking systems to steal personal and financial resources from innocent victims. Banks have tried to curb these online frauds by introducing safety measures like two-factor authentications and One-Time Passwords (OTPs) to ensure safety in making online transactions. But what would happen if these same safety features provide a backdoor for fraudsters to gain access to the victim’s bank accounts?
SIM swap scams are one of the newer forms of online frauds that are taking over the world of online banking, with a number of high-profile hacks being done to gain access to the personal data of well-known individuals through an elaborate scam. It came into focus after the infamous hacking of Twitter CEO Jack Dorsey's Twitter account in 2019 through SIM Swap. Several major cases have followed, ranging from accessing online social accounts to losing millions of dollars through a SIM swap fraud in recent years. India has also seen an exponential rise in these scams, with people losing millions of rupees through these scams.
How does SIM swap attack work?
A SIM swap or simjacking is a fraud that basically involves a scammer gathering personal information about you, often through social engineering or phishing, and then getting in touch with your mobile carrier to report your SIM card as stolen.
In another technique, the scammer may call you posing as a telecom representative and offer to upgrade your 3G SIM to 4G or to upgrade your SIM to an eSIM. This would require you to send an SMS request to the telecom operator. You will be deceived into initiating this SIM change request from your phone.
These techniques allow the scammer to obtain a new SIM card with your telephone number using the personal data that they stole from you previously. With your phone number in their hands, they can now gain access to all your financial data, including OTPs and password resets, and can also easily transfer funds from your bank into their own account. The worst part about this is that they can carry out every step of the SIM swap scam without even sounding any alarms. On activation of the new SIM, your phone will stop working and you will not be aware of any transactions made by the scammers in your bank accounts.
Signs that you might be a victim of a SIM swap fraud
- Unable to place calls or send texts: If you are suddenly experiencing difficulty in placing calls or sending texts, chances are that fraudsters might have deactivated your SIM and currently have access to your phone number.
- Service provider warning: If your telecom provider notifies you that your SIM card or phone number is active in another device or that they have received a request to replace/upgrade your SIM, there is a chance that you have fallen victim to a SIM swap attack.
- Unable to access accounts: If log-in credentials on your bank or other online accounts have suddenly stopped working, fraudsters may have changed your passwords and gained access to your accounts through a SIM swap attack.
What to do in case of a SIM swap fraud?
- Contact your telecom operator: Immediately contact your telecom operator and block your SIM to prevent the fraudster from making any new transactions.
- Inform your bank: Inform your bank about the SIM swap attack and check recent transactions. Report any transactions that were not made by you. You can also block your cards and accounts to prevent any transactions.
- Complain to the cyber cell: Within 2 hours of discovery of the fraud, you can call helpline 155260. After 2 hours, you can file the complaint on the National Cyber Crime Reporting Portal. You can also report to your local cyber cell.
How can you prevent a SIM swap attack?
There are multiple ways through which you can protect yourself from falling victim to a SIM swap fraud.
- Awareness: Be careful about sharing personal information with other parties and avoid making your personal phone number public in online communities.
- Online behaviour: Be wary of phishing emails and fraudulent text messages or calls, as they can source personal data about you by posing as a member of a prominent organisation.
- Bank and carrier alerts: Keep track of alerts sent by your bank or mobile carrier, as they can help you identify if your phone number and/or bank account has been compromised by a scam.
- Mobile network: Losing mobile signal on your device is one of the first warning signs of a possible SIM swap attack. Pay attention to the carrier signal and other text alerts by your service provider that can alert you about a recent SIM swap on your phone number.
- Diversifying security options: Avoid keeping your phone number as the sole recovery option for your online accounts and try using a separate email account that is not linked to your phone number, to make it harder for a scammer to gain access to all your online accounts through a single SIM card swap.
- Authentication apps: Try using dedicated authentication apps by Google or Microsoft that provide you with two-factor authentication without forcing you to rely on your phone number and OTPs to gain access to your accounts.
- Security apps: Experts agree that one of the best ways to protect yourself from online frauds like SIM card swaps is by utilising an advanced security app like FinLock that can help you protect your personal and financial information and secure you against falling victim to multiple online scams and frauds. It also alerts you in case a request has been made from your phone to upgrade or change your SIM.
The rising number of online frauds like SIM card swaps has been affecting the lives of thousands of innocent people on a regular basis. The best way to protect yourself while enjoying the growing digitisation of banking services in countries like India is to be aware and take all the preventive steps to safeguard your online identity.
Unified Payments Interface or UPI has become a very common way to make money transfers and is the new hotshot of the digital payments world. Well, amidst all this exist the patent tricks used to carry out scams through UPI.
Let’s know more about UPI Frauds, types of these frauds and ways to keep yourself safe from such shark moves.
UPI Payment Frauds – The Walkthrough!
In the present time, we all rely on digital transactions. Now that the world is struggling with Covid-19, a cashless economy is on the go. Additionally, staying hawk-eyed about the kinds of loopholes is extremely crucial.
The speed and scale that UPI carries today is beyond imagination. As per the National Payments Corporation of India (NPCI), the government body that introduced the UPI system in April 2016, 220 banks in India were actively using the UPI platform in April 2021. And there were over 2.7 billion transactions amounting to more than Rs. 5 lakh crores in March 2021.
UPI is the stepping stone of the current economy and, speaking of security, it needs to be airtight. UPI transactions have hit a high and, not too much to our surprise, it has become one of the most preferred methods to conduct payments. This has brought the unwarranted attention of fraudsters too.
We all have seen the trail when it comes to online banking fraud, and it was very recent when HDFC Bank issued a warning for all its users. The alert made a noise, a loud one, mentioning fraudsters stealing money from the bank account of other users via UPI.
The exact number of UPI fraud cases in India is not available. The scale of the problem can be gauged from the disclosure by the risk and fraud management division of Paytm in a national daily that it receives around 1300 payment-related complaints daily; that’s half a million complaints annually from Paytm alone.
To understand the ways to protect ourselves from UPI frauds, it is important to be aware of the possible ways in which UPI Frauds are conducted.
Types of UPI Frauds in India
Staying vigilant is extremely crucial and you need to be aware of different kinds of UPI frauds in India that are happening around you. Some of the prominent ones linked to UPI Scamming are mentioned below: -
1. Phishing UPI Scams
This is one of the most commonly occurring UPI payment frauds in India. Fraudsters do a pretty good job of sending unauthorized payment links through text messages, emails, etc. You are very likely to be fooled because these fake bank URLs closely mimic the original ones.
Once these links are clicked, you will end up on a fake website. If you enter your UPI ID and PIN to make the payment, fraudsters can misuse these UPI details to steal money from your account.
In some cases, these fraudulent URLs may also install malware or spyware on your phone to get your financial information.
2. Deceptive UPI handles
Scammers take advantage of popular UPI handles that are in the public domain and that people use to transfer money. They make similar-looking UPI IDs and circulate them widely on social media. Users may fall into this trap and end up transferring money into these fake UPI accounts.
A recent example of such malpractice is from the 2020 Covid-19 induced lockdown in India. During this time, a lot of people wanted to donate money to PM Care, a Government of India initiative, but there were many fake UPI IDs doing the rounds on social media. Several people lost their money. SBI also issued an advisory on social media to warn the public of such fake UPI handles.
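A defensive check for the two look-alike tricks described above (fake bank URLs that mimic the original, and similar-looking UPI IDs), given as an added example that is not part of the original article or of any product it mentions: compare an identifier you are about to pay or visit against a list you have verified through an official channel, and flag near-matches. All handles and hostnames below are constructed placeholders, and the substitution table and distance threshold are illustrative assumptions.

```python
import unicodedata

# Constructed allow-list: identifiers verified through an official channel (placeholders).
TRUSTED = {"reliefdonations@examplebank", "netbanking.examplebank.example"}

# Character swaps often used to make one string look like another (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def skeleton(identifier: str) -> str:
    """Fold case and Unicode compatibility forms, then collapse common look-alike characters."""
    text = unicodedata.normalize("NFKC", identifier).casefold()
    text = text.translate(CONFUSABLES)
    return text.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "examplebakn" for "examplebank".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, matched trusted identifier or None).

    'trusted'   : exact match with a verified identifier
    'lookalike' : not identical, but visually or textually close to a verified one
    'unknown'   : no resemblance; not verified either, so treat with normal caution
    """
    if candidate in trusted:
        return ("trusted", candidate)
    cand = skeleton(candidate)
    for known in sorted(trusted):
        ref = skeleton(known)
        if cand == ref or edit_distance(cand, ref) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed inputs
        "reliefdonations@examplebank",     # the verified handle
        "reliefd0nations@examplebank",     # zero in place of the letter o
        "reliefdonation@examplebank",      # one letter dropped
        "netbanking.examp1ebank.example",  # digit one in place of the letter l
        "grocer@otherbank",                # unrelated
    ]
    for item in samples:
        print(f"{item:34} -> {classify(item)}")
```

An "unknown" verdict only means the identifier resembles nothing on the verified list; it does not mean the recipient is genuine.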
3. Screen Monitoring Tools
Well, work from home is the new mandate now. Screen monitoring tools such as AnyDesk and TeamViewer are nowadays a compulsory requirement, and they can easily be connected to your working device through the internet.
Fraudsters are exploiting this moment. They call users and deceive them by posing as representatives from banks or other service providers. If users don’t have screen monitoring tools, they are asked to download these apps on their phones on the pretext of resolving some issue or of customer verification/KYC. Once installed on your phone, these apps can grant fraudsters full access to your phone. They can read all your passwords and OTP messages and use them to make unauthorized transactions.
4. UPI Payment Requests
UPI users know that to pay using a UPI app, the user has to enter the UPI PIN, and that to receive money they are not required to enter any PIN. But fraudsters who promise to pay the user share a 'send money' request disguised as a 'collect money' request, and fool users into entering their UPI PIN, which deducts money from their accounts.
This UPI fraud has been common on e-commerce websites such as OLX where people list their products to sell. Fraudsters contact users posing as a buyer and agree to buy the products unconditionally by paying through UPI. Users are deceived into entering their UPI PIN to receive money, but they end up losing money. Make sure you also read the advisory by OLX to spot a fraud buyer.
How to file UPI Fraud complaint in India?
As soon as you have become a victim of an unauthorized UPI payment fraud, here is what you need to do.
- Directly file a complaint with your bank
  - Inform your bank about the fraudulent transaction by calling customer care. Make sure to note the complaint number.
  - If calling doesn’t work, you can send an email or written letter to your bank branch manager.
- Reach out to your UPI payment platform
  - Register a complaint with your payment platform, such as Google Pay, PhonePe, Paytm, etc., by calling their customer care.
- Complain to the cyber crime police
  - Call the National Cyber Crime Helpline 155260 within 2 hours of the UPI payment fraud.
  - If more than 2 hours have passed since the fraud, log a complaint on the National Cyber Crime Reporting Portal. Enter all the details about the fraud. The investigating agency will look into the matter and try to recover your money. For more information read How to Report Cyber Crime online in India.
  - You can also file an FIR directly at the nearest cyber police station.
How to prevent UPI Frauds?
Some of the common ways to protect yourself from UPI Frauds are: -
- Keep distance from fraudsters – Don’t engage yourself with fraudsters. Banks and service providers will never call you to ask for your sensitive information. It’s a red flag in case you receive a call from the bank asking you for personal details/ OTP/ PIN or getting you to download some app.
- Remember when to use PIN – Always remember that you need to enter UPI PIN only to send money. To receive money, you don’t have to enter any PIN.
- Spam warnings on UPI App – Google Pay and PhonePe give spam warnings to users when they detect a suspicious account. Keep an eye out for such accounts and do not entertain any payment requests or messages from them.
- Big ‘NO’ to unsecured public Wi-Fi – Using unsecured public Wi-Fi is never a good idea. Hackers look for a chance to steal the necessary details out of your device when you are connected to the Wi-Fi. To know more about this menace, read How Public Wi-Fi is endangering your private life.
- Unauthentic e-mails are not welcome – E-mail is the most common way to trick users into downloading malware and giving up information. Therefore, it is a good idea to always scan your e-mails for any sort of viruses.
- Using tools to detect fraudulent attempts – A cybersecurity tool for your phone such as FinLock is a great option for protection against UPI frauds. FinLock detects ‘collect’ UPI payment requests that you receive through QR codes and alerts you so that you don’t fall into the trap of scammers who will tell you that you will receive money from this transaction.
UPI-related frauds have become very prevalent in the digital world, where we have to rely on a fast mode of financial transaction. Beware, be conscious and, most importantly, be ‘alert’, because these frauds are silent. They just attack you, and keeping yourself safe by following the right guidelines is the only way to secure yourself and your credibility.
Undoubtedly, the era that we currently live in has a lot more than we originally know. It is indeed significant to keep track of digital actions and solutions. The Digital Era nowadays is seeing a rapid growth in which everything seems to be a little bit out of control.
Without a speck of conclusion, the implications of the process are huge and will keep on growing every day. This eventually drives more risks associated with online frauds and crimes.
Therefore, the Government of India has taken the initiative of setting up a digital platform, the National Cyber Crime Portal. This portal is used for reporting cyber crime online in India. It was launched on a pilot basis on 30th August 2019. The portal focuses on reporting of cyber crimes against women and children, and financial frauds. Complaints lodged on the portal are taken care of by the authorized law enforcement agency.
Why is there a need for the National Cyber Crime Portal?
Well, the foremost purpose is to offer victims the flexibility to report crimes directly online, without the hassle of going to a police station to report the crime to the cyber cell. To report cyber crime in India, the victim needs to fill in a complaint form with all the details necessary to pursue the investigation, and the complaint is acted upon swiftly. The Cyber Crime Portal has two sections:
- One for crimes against women and children.
- Other, which deals with online and social media frauds.
There is also a provision on the portal to report the crime anonymously. If you want rapid action from authorities, details that you share on the portal need to be complete and accurate. Additionally, there is a ‘check status’ feature that allows you to track your complaint status.
Step-by-Step process to report cyber crime on the Cyber Crime Portal
Reporting on the cyber crime portal can be done in two ways:
- Calling on helpline number 155260. This number is reachable from 9:00 AM to 6:00 PM.
- Directly on the official website https://cybercrime.gov.in
Here we detail the procedure to file a complaint on the portal. Before we take you to the "how to report cyber crime" guide, one thing you need to keep in mind is that there are several fake URLs with a UI similar to that of the official website. Beware of such websites.
Visit the Official Website of the National Cyber Crime Portal
Hover on the ‘menu’ section and you will be able to locate two available options:
- Report Women/Child-Related Crime
- Report Other Cyber Crime
Depending on the nature of the crime you are reporting, choose the relevant option.
To report a case of online fraud, go to page ‘Report Other Cyber Crime’ and click ‘File a Complaint’ Link.
This will redirect you to the ‘Terms and Conditions’ Page wherein you need to accept the terms by clicking on ‘I Accept’ in order to proceed to the login page.
For login, you will need to specify your username, State, mobile number, etc. You will be prompted for OTP on your phone.
After Captcha authentication, the complaint registration form will appear. You will need to enter all the details related to the crime, including the date, time and location of the incident, details of the incident and supporting evidence. Finally, hit ‘Submit’ and you are done.
- You will receive the Complaint ID on your registered mobile number and email. You need to keep this noted for future reference.
- Also, download the pdf version of the complaint for your record.
Check your Complaint Status
After you have successfully filed a complaint, you need to follow the steps to track the latest status of your complaint.
- Login to the official Crime Portal.
- Click on ‘Check Status’
- You need to enter the Complaint ID. Alternatively, you can also look up from ‘Request Date’
- Now track your cyber crime report status easily.
The National Cyber Crime Control has in a major way made it easier to report cases as they happen. This is a great initiative by MHA and it continues to serve many victims in the process. If you still have any queries on how to report cyber crime online in India, feel free to contact us.
With over 60,000 phishing websites reported in March 2020 alone, phishing has seen an exponential rise in recent years owing to the increase in digitalisation globally, with over 22% of all data breaches in 2020 involving phishing attacks. Google registered a record two million phishing websites in 2020. With a single spear phishing attack resulting in an average loss of $1.6 million, phishing is one of the most common and deadly cyber-attacks in the world right now. This has led to an immense number of people searching for ways to prevent phishing attacks and safeguard themselves.
Phishing refers to a specialised type of social engineering attack that is aimed at stealing the user data and financial details of the victim. The attack involves the perpetrator masquerading as a trusted entity and tricking the user into opening an instant message or an email that contains a link. This malicious link redirects the user to a fake website or may lead to the installation of malware, stealing the user’s financial details or freezing the system as part of an elaborate ransomware attack.
Phishing attacks have also been used to gain access to corporate or government networks by compromising employees so that they give the hacker access to the closed network, and by tricking them into distributing malware or giving up valuable corporate data, which can cause heavy financial losses to the company. Before coming to how to prevent phishing attacks, let's have a look at the most common types of phishing attacks.
Types of phishing attacks
Some of the most common phishing techniques include: -
- Email phishing scams: These are fraudulent emails sent to thousands of people at once that mimic actual emails from a spoofed popular organisation to trick people into thinking that it is a message by the company and trust its contents. Email phishing often includes the attacker creating a sense of urgency by placing a timer or deadline to pressure you into complying with the fraudulent instructions given within the email. The main motive behind the email is to deceive you into clicking a fraudulent link in the email that will redirect to a fraudulent website aiming to steal your money or personal details.
Some examples of such phishing attacks include emails that appear to be from Instagram, Netflix, etc. and ask the user to log in to the account using a link and verify with a code. The link will record the user's login credentials for their social media or Netflix accounts, which could be misused by fraudsters.
- Smishing: This is a type of phishing where the attacker will send text messages in bulk trying to trick people into giving out their information. Usually these fraudulent messages can indicate that you have won a contest or lottery, and provide a link or number that will attempt to source your personal information.
In a recent smishing attack, SBI users received text messages requesting them to redeem their SBI credit points worth Rs. 9,870. The link in the messages took users to a fake website where they were asked to share sensitive financial information such as SBI credit number, expiry date, CVV and Mpin.
- Spear phishing: These are targeted attacks aimed at a specific person, enterprise or specialised group of people. They require the perpetrator to research the names and identities of the people involved and tailor-make a phishing scam for them. Spear phishing scams are more effective and deadlier than generalised ones as they look more authentic, and they are often used as a first step in a larger scheme to infiltrate a company’s defences. A recent example of spear phishing is the scam involving TV anchor Nidhi Razdan, who was duped by a fake job offer to teach journalism at Harvard University. She had shared some personal information for a ‘work visa’ that could have been used to steal money.
- Vishing: Vishing is one of the most common types of phishing attacks. This is a technique used by cyber-attackers to steal personal or financial information over the telephone network. The scammer can use a spoofed Caller ID to appear as someone calling from a prominent institution like a bank or the Income Tax Department and trick you into giving out your personal or financial data on the phone. The wife of the Punjab Chief Minister lost Rs. 23 lakh to a vishing attack. The caller, posing as a bank manager, stole her card details and OTP on the pretext of crediting her salary.
- Whaling: This refers to a phishing attack targeting elite “big fish” individuals like a CEO or the owner of a large corporation. The attackers often spend a considerable amount of time scoping out the target and analysing their schedule to find the appropriate moment and means to unleash the attack and gain their log-in credentials or steal their financial assets.
- Pharming: This form of cyber-attack involves the perpetrator sending users to a fraudulent website that appears to be legitimate and trying to steal personal or bank details through their spoofed webpage. In this form of Phishing, the user doesn’t even have to click a malicious link as the attackers can directly infect the user’s device or the website's DNS server to force users to redirect to their fake site even if the correct URL is typed in by the user.
How to prevent phishing attacks
Some of the ways through which you can prevent yourself from being a victim of a Phishing attack are: -
- Always recheck any email or text message that you receive on your device and ensure that it isn’t a spoofed message or link by a cyber-attacker that will redirect to a fraudulent spoofed version of the real website.
- Check if the message contains subtle mistakes that expose its true origin.
- Check if the link has a slightly changed spelling of a popular website or company.
- If links are short URLs, it is better to avoid them.
- Check if the sender's email address has a changed spelling of a popular company or government organization.
- To prevent phishing attacks, make sure to enable two-factor authentication for all of your emails and websites so that there is an extra layer of security and, in the event that your log-in credentials are exposed, the attacker still can't gain access to your account or personal details.
- Do not enter login details on a popup window. Companies don’t take user credentials on pop-up screens.
- Utilise a secure tool like Finlock that can safeguard you against a phishing attack and prevent huge financial loss or identity theft by a cyber-attacker.
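The link and sender checks in the list above can be automated. The following is an added example, not part of the original article or of any tool it mentions: it flags changed spellings, short URLs and a trusted name used as a subdomain. The trusted-site list, the shortener list, the suffix list and the sample message are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the sites the user really uses, and a few
# well-known URL shortening services. Extend both sets for real use.
TRUSTED = {"netflix.com", "instagram.com", "sbi.co.in"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
TWO_LEVEL_SUFFIXES = {"co.in", "co.uk", "com.au"}  # stand-in for a public suffix list
LOOKALIKE_CHARS = str.maketrans("0135", "oles")    # digit-for-letter swaps
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registered_domain(host):
    """Reduce 'www.netflix.com' to 'netflix.com' and 'x.sbi.co.in' to 'sbi.co.in'."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(host):
    """Return a reason string if the host looks suspicious, else None."""
    domain = registered_domain(host)
    if domain in TRUSTED:
        return None
    if domain in SHORTENERS:
        return "short URL hides the real destination"
    for real in sorted(TRUSTED):
        if host.startswith(real + ".") or ("." + real + ".") in host:
            return f"{real} used as a subdomain of {domain}"
        if domain.translate(LOOKALIKE_CHARS) == real or edit_distance(domain, real) <= 2:
            return f"changed spelling of {real}"
    return None

def audit_message(sender, body):
    """Check the sender address and every link; return (where, host, reason) tuples."""
    sender_host = parseaddr(sender)[1].rpartition("@")[2]
    candidates = [("sender", sender_host)]
    for url in URL_RE.findall(body):
        candidates.append(("link", urlsplit(url.rstrip(".,)")).hostname or ""))
    findings = []
    for where, host in candidates:
        reason = classify(host) if host else None
        if reason:
            findings.append((where, host, reason))
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE_SENDER = "Netflix Billing <support@netf1ix.com>"
SAMPLE_BODY = (
    "Your account will be suspended in 24 hours. Verify at http://instagrarn.com/login "
    "or https://bit.ly/3xAmpLe. Redeem points: http://sbi.co.in.rewards-claim.example/redeem. "
    "Help centre: https://www.netflix.com/help"
)

if __name__ == "__main__":
    for finding in audit_message(SAMPLE_SENDER, SAMPLE_BODY):
        print(finding)
```

A clean result only means none of these three heuristics fired; it does not prove that a message is genuine.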
With phishing attacks resulting in hundreds of people losing their savings and personal information regularly, use these tips to detect and prevent phishing attacks. Safeguarding yourself from one of the most widely used and dangerous forms of cyber-attack is paramount to secure your online identity.
Every second day we hear a story about popular mobile apps being caught up in privacy-related issues. It goes without saying how much risk this puts users at.
A new year often calls for new resolutions. We all have our set of oaths ready to either adopt a change or abandon a trait. For mobile application creators, it is a slightly off-track story where they claim to have the best interest and preference of people in their hearts.
Let’s put it this way – you sure know the privacy issues that Facebook and Google are dealing with, sadly even WhatsApp now for that matter. But have you wondered about the effects and the privacy issues that your mobile device is potentially going through because of a handful of mobile apps?
Permissions that need your Attention!
A point that you need to register: giving permissions to Android apps eventually ends up giving them control of your phone and its content as well. Therefore, let’s walk through how to ensure safety and stay in control when using such apps.
Every time we try to install an app from an App Store, an app permission request is our first encounter. Usually, it is asking permission to control sensitive data. Hence, not only should you be alert about the apps you download from Play Store, but should also be prudent about the permissions they are asking you for.
There are three types of permissions: -
- Normal – No risk to user privacy
- Signature – Unique permission granted by Android to an app
- Dangerous – Involves user data
Bid Adieu to the ‘Dangerous’ Permissions
We should indeed be concerned about issues that tend to hijack our privacy and security. There are mainly nine permission groups that request access. The way these groups function is peculiar. There are many permission levels in each group; thus, granting a single permission automatically sends off an alert to all the other permissions in the same group.
Here are the permissions that you definitely need to look out for:
- Microphone
This gives permission to use your microphone and record audio.
If you use Spotify, you can listen to the music of your choice by identifying the song. Alternatively, if the microphone is enabled for WhatsApp, you can send voice messages directly to your boon companion.
However, the downside is that a spiteful app can record your surroundings and the discussions you are having. Furthermore, it can also intrude to record your business meetings and conferences.
- Location
Apps can access your exact location using GPS (Global Positioning System) and by drawing on other sources like Wi-Fi. Developers are most likely to use this to earn profit from ads that relate to locations.
However, malicious apps can likewise use it to launch attacks based on location. Some of the common apps that use it are check-in apps, location apps, and so on.
- Contacts
Contacts permission allows an app to read the data from the contact list on your phone.
This permission is usually taken by messaging or calling apps such as WhatsApp, Skype, etc. It can also be taken by other apps to extend the marketing list that they can advertise to.
Looking at the dangerous side, an app can overwrite or edit the contacts. So, imagine what happens if your mortgage broker's number is changed to another and you end up calling and sharing all your financial data or information with a probable scammer. In addition, the contact list can also be used to phish your friends by messaging them as if it were you.
- SMS
This enables apps to read SMS texts.
One of the great ways to eavesdrop on your personal information is by reading your text messages. Some apps can go further and even send SMS messages from your device.
Malicious apps reading your SMS can even get access to your OTP messages and steal your money.
- Camera
Apps with camera permission can take pictures and record videos, and they can do so secretly once the permission is granted.
You should be careful when granting camera permissions, as some malicious apps are capable of recording and saving your activities.
- Phone calls
With this permission, apps can easily find out your phone number and information about the cellular network that you are currently using.
These applications can also make calls, receive them, edit your logs, add content to voicemail, and even find out who your caller is. Therefore, some malicious apps can also spy on your phone and on the calls you make.
- Storage
This permission lets apps read and write directly on your internal or external storage.
Let’s address both sides of the story: a music application will help you download songs directly onto your device. However, if a malicious app intrudes, it can secretly change, read or delete any data or files that you currently have saved on your device.
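To see which of these groups an app actually asks for, its manifest can be checked against the app's stated purpose. The following is an added example, not code from the article or from any app it mentions: it reads a decoded AndroidManifest.xml and reports dangerous permissions outside the groups you would expect. The grouping mirrors the seven groups described above, and the torch-app manifest is constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Dangerous permissions arranged under the seven groups this article walks through.
GROUPS = {
    "Microphone": {"RECORD_AUDIO"},
    "Location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "Contacts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "SMS": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "Camera": {"CAMERA"},
    "Phone": {"READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG",
              "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS", "USE_SIP"},
    "Storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}

def dangerous_permissions(manifest_xml):
    """Map each group to the sorted dangerous permissions the manifest requests."""
    found = {}
    root = ET.fromstring(manifest_xml.strip())
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if not name.startswith(PREFIX):
                continue  # custom or vendor permission, outside these groups
            short = name[len(PREFIX):]
            for group, members in GROUPS.items():
                if short in members:
                    found.setdefault(group, set()).add(short)
    return {group: sorted(perms) for group, perms in sorted(found.items())}

def review(manifest_xml, expected_groups):
    """Return only the groups that the app's stated purpose does not explain."""
    return {group: perms
            for group, perms in dangerous_permissions(manifest_xml).items()
            if group not in expected_groups}

# Constructed manifest for a hypothetical torch app; INTERNET is a normal permission.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO"/>
    <application android:label="Torch"/>
</manifest>
"""

if __name__ == "__main__":
    # A torch plausibly needs the camera flash; everything else needs explaining.
    for group, perms in review(SAMPLE_MANIFEST, {"Camera"}).items():
        print(f"{group}: {', '.join(perms)}")
```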
Tips for Your Privacy Protection
Basically, it all starts when you understand the context of the permissions. It is important to actually work out what you want the app to do for you.
Android is one of the most common operating systems, so it should come as no surprise that cybercriminals try to take advantage of it. However, when certain aspects are addressed carefully, even these risky permissions can be dealt with.
If you are already wondering, below is the answer to ‘How to protect your privacy?’
- Apps and Caution must go hand-in-hand: Downloading apps is equivalent to welcoming malware onto your device. Therefore, always download apps from trusted sources like Google Play Store, as they scan each and every app before you download it onto your device. Otherwise, you may unknowingly end up opening a Pandora’s Box when you get tempted by a third-party app.
- Sending Email to the Developer: You may directly contact the developer of the application if you have queries that concern ‘permissions.’ If the reply doesn’t convince you, avoid using the app.
- Google Play to the Rescue: One of the best ways to deal with risky permissions is to know about them before you install the app on your phone. Google Play does the needful for you. Check the details and description section on Google Play to know about all the permissions that the app will require.
- Know permissions of apps on your phone: The easiest way to know the dangerous permissions taken by apps that are downloaded on your phone is to download a tool with a privacy scan, such as the FinLock app. It shows the risk level of apps on your Android phone based on the different privacy permissions requested by them. Through FinLock, you can choose to change those permissions or delete the app. FinLock also alerts you when there is an app that is running in the background without your knowledge or when you are trying to download an app that can record your screen. These apps can be misused by fraudsters to steal your passwords, PINs and OTPs.
Additionally, it keeps you off the hook since you now know the permissions you are welcoming along with the application.
The modern world is tricky. Hence, it is easy to ignore a lot of things, especially ‘Android Permissions.’ This considerable ignorance primarily happens because we never see these ‘Android Permissions’ as threats.
Therefore, make a wise pick and always remember to learn more about the permissions before you end up granting them.
It is no question that India is still a relative newcomer to the world of online banking, with an unforeseen spike in digital payments felt soon after the phase of demonetisation. Adding to the digital wave with the pandemic following soon after, and forcing people towards making online payments, our country is revolutionising our banking habits and paving a path to a digital India. But in the haste of digitalising our banking, a lot of us have seemingly neglected the risks involved in online payments and the security concerns we should look after. Ensuring your knowledge on these frauds should be a top priority to protect your financial assets and secure your bank balance from being stolen by a third party.
Types of Online Frauds
Some of the major online frauds in India reported on a daily basis are: -
- Phishing: - Often termed as one of the most common and deadly cyber-attacks in India, phishing refers to an attacker collecting your personal details through websites or emails that seem legitimate but are actually faked to coerce you into providing your private log in details or personal data that the attacker can then use to gain access into your banking accounts.
- Smishing: - This fraud includes the scammer appearing as a reputable company and sending fake text messages to your phone for the purpose of inducing you to reveal bank account details, passwords, or any other personal information which the scammer can later misuse to steal your money.
- Virus and spyware hosts: - These are apps or websites that look legitimate but are coded to inject viruses or malware in your smart device that can record your keystrokes or gain access to your banking apps, ultimately resulting in heavy financial losses. These apps include real looking interfaces to trick users into giving out their personal information.
- ATM card misuse: - Scammers often install fake card scanners at ATMs to steal your credit or debit card details and make fraudulent transactions in your name from your bank account.
- SIM swap attack: - The scammer can trick you into issuing a SIM card in their name that will give them access to your phone number and with it, your banking OTPs and UPI accounts. You can avoid these attacks by safeguarding your personal information that the scammer might misuse to buy a SIM card in your name.
- UPI fraud: - These frauds consist of the scammers using fake UPI apps or IDs to coerce you into revealing your UPI details or make a fraudulent transaction in their account. Scammers can also steal your OTP or UPI PIN to carry out this scam, which is why you should never share your UPI PIN or OTP to anyone.
- Fake customer care numbers: - These are mostly cold calls received on your phone that convey schemes or a problem with your account, and mislead you into giving out your private details. Another way is for the scammers to post their own number and market it as a customer care number of a reputable company to make you believe you are actually talking to their representative and thus scamming you out of your personal financial details.
- False social media handles: - These are real looking social media accounts that might message you asking for personal details or offering a fake prize or scheme that might ultimately lead to huge financial losses. Be wary of unverified social media handles that might seem real but are actually running a front for a scam.
Measures provided by RBI to protect you from online frauds
The Reserve Bank of India (RBI) identified these potential problems in our developing online banking services and has recently come up with a two-pronged approach to protect citizens from falling prey to online frauds and scams. The first part includes creating awareness about the various online scams rampant in our country today, and the second part is to install intricate defences within banks to detect these scams and stop them from happening in the first place. It has also developed a myriad of measures that protect you in case a fraudulent transaction does take place from your account, as long as you report it before the specified deadline.
Where and how to report online frauds in India
- If you notice an unauthorised transaction made through your bank account, contact your bank immediately.
- You should also contact the National Cyber Crime unit by calling their helpline 155260 to file a fraud case with the cybercrime branch. You can also use their portal to share your knowledge about the scam by logging on to their website and reporting the crime.
- RBI ensures that reporting a fraudulent transaction within three working days offers zero customer liability, i.e., you will not be held responsible for the fraudulent transaction if you report it within 3 days. This will result in the bank being liable to reimburse you the amount you lost due to the fraudulent transaction, given that it falls under their terms and conditions.
- Reporting the transaction after 4 to 7 days will result in you being liable to pay the transaction amount or anywhere from Rs 5,000 to 25,000 depending on the type of your account.
- In case of reporting a disputed transaction, the burden of gathering proof falls on your bank, where the bank either has to prove you acted fraudulently or credit the disputed transaction amount back into your account in 30 days.
Tips & Tricks on how to protect yourself
These malicious activities happen a lot more often than you might think, with thousands of people falling prey to these online frauds in India on a daily basis. To ensure that you handle your online transactions in a secure and reliable manner, here are some tips and tricks to stay one step ahead of the perpetrators: -
- Knowing the scams: - The most important defence against online banking scams is to always stay updated on them, understand how different types of online frauds work and take precautions to always be on top of emerging attacks.
- Changing your passwords and PINs regularly: - Periodically changing your PINs and passwords is one of the most effective ways to secure your banking details, as even if somehow an attacker gains access to your login details, they will be rendered outdated. Also, make sure not to share OTPs, passwords and PINs with anyone.
- Check authenticity of websites and apps: - Some websites and apps might look authentic, but are actually a faked replica of a popular website or application, made by scammers to coerce you into sharing your personal data through their own UI. Checking the authenticity of the apps and websites you access on a daily basis can ensure that your personal data isn’t falsely provided to a scammer.
- Keeping track of your account activity: - Keeping a close eye on your banking records and daily transactions can help you to timely report any discrepancies to your bank and stop a major financial loss from taking place.
- Use security software: - Using a security app on your phone or PC will exponentially decrease your chances of being exposed to fraud attempts, a trojan horse or malware that can jeopardize your personal financial details. Using Android apps like FinLock ensures that you are always a step ahead of your scammers and are protected from the majority of online frauds.
- Avoid using public Wi-Fi: - Public Wi-Fi networks are open Wi-Fi hotspots in restaurants or cafes that are seemingly free to use by everybody within range, but can carry a hefty price tag in the wrong hands. Hackers and scammers regularly use these password-free hotspots to steal personal information from your connected devices, including the websites you browse or even financial details stored on your phone.
- Cyber Insurance: - This is a specialty lines insurance product that is focused on protecting both individuals and companies from internet-based risks including privacy infringements or even financial losses incurred through cyber attacks. With the sudden rise in cyber attacks in recent times, many national insurance agencies have started offering cyber insurance plans to safeguard people in case of falling for an online fraud.
With online frauds like these affecting hundreds of people on a daily basis, securing yourself from cyber attacks is of paramount importance, and can keep your personal information and your hard-earned financials from falling into the hands of a scammer. The online frauds discussed above showcase the sheer plethora of options a scammer has for gaining access to your personal device and stealing your information easily. This is why investing in software that can defend you from the evils of cyberspace is an important step in securing your online data while scouring the wonders of the internet without worrying about people taking advantage of your cadence. Securing yourself with Finlock is thus the best way to ensure a stress-free online experience!