Indian banks are offering their customers the chance to defer payments of their equated monthly installments (EMI) on housing loans or credit cards because of the lockdown. And the industry is now gearing up for possible scams on people, using benefits on the moratorium as the bait.
Here's how this scam works. Fraudsters can call you representing your bank and coerce you into sharing confidential details that allow them access to your bank account, which is then used to make fraud transactions. It’s worth noting since the EMI moratorium scheme was announced a few days back, attackers have only just started looking out for their targets.
However, banks are doing their best to prepare users. Sameer Ratolikar, Chief Information Security Officer, HDFC Bank shares his insights on how fraudsters are trying to target customers.
Scenario 1
This method is commonly used and it seems fraudsters find it to be most effective in duping people. A scammer will call people pretending to be a bank representative and offer them an EMI moratorium on their credit card.
Once they’ve gained the trust of the person, the fraudster will ask to them fill a form with their card number, CVV (at the back of the card) and expiry date.
The customer usually discloses these details via link or telephone call (which is called vishing), allowing the fraudster to make an online transaction using their card. The scammer will then seek an OTP by calling the customer and manages to steal money from their account.
Scenario 2
The second possible way the attack will happen is more digital-centric. The fraudster will call from a number, ask you to download an app from a link shared by them. This time, the fraudster will claim to be calling from the bank, and promise to give additional benefits along with the EMI moratorium. Now if the deal sounds good to the person, they download the app, which installs malware/trojan to their phone.
Bank experts point out the malware will capture your keystrokes (while typing on the phone), and send them to the hacker's server. Now, he will use these details, trigger transactions, call for OTP from the same number and manage to steal money from the account.
Scenario 3
And finally, the classic social media crawler. This works when hackers keep track of official handles of the bank and using a crawler they track people, find out what grievances people have posted on social media.
Now since many people also publish their mobile numbers with their grievance posts, hackers use those details and call their targets, claiming to be from a bank. The hacker will also ask for your card details, ATM PIN and help himself to money from your account, with your consent (via OTP) in place.
How to Avoid Falling for Such Frauds?
- Do not share card number, CVV number and ATM PIN with anybody on a phone call
- Don’t download apps via links sent on WhatsApp or SMS
- Banks advise you to install antivirus on mobile phones – it’s basic hygiene that can track malware.
Most banks claim to have strengthened their back-end systems to prevent such mishaps, but it’s also the customers' responsibility to be vigilant and ensure they avoid falling prey to fraudsters.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)