As mobile phones have become our wallets, individuals should never click on unverified links promoting investments or selling financial products. Parallel apps are used to run simultaneous services and are used to compromise OTPs and other account credentials, leading to cyber fraud attacks, says Amit Relan, founder & director of mFilterIt, a cyber fraud detection company, in an interview with Saikat Neogi. Excerpts:
How can installation of fraud apps hurt individuals doing net banking or other digital financial transactions?
As only 36% of the traffic on the internet is human, and the rest is a mix of good and bad bots, the banking and financial services sector is one of the worst affected in terms of installation of fraud apps. As mobile phones have become our wallets, individuals should never click on unverified links, whether in email, SMS or WhatsApp, promoting investments or selling financial products. Parallel apps are used to run simultaneous services on the same device and they get access to SMS without permission. Often these apps are used to compromise OTPs and other account credentials and lead an unwary consumer to become a victim of financial fraud. The fraud could range from accessing your wallet balance and stealing or using your card credentials to misusing your identity on other ecommerce portals. Sharing OTPs on a call, SMS or WhatsApp can be a major source of disaster.
How can individuals verify the authenticity of apps for financial transactions and what are the safety measures one should take?
Individuals must be digitally savvy and must verify the app from the Google Play Store before downloading. For banking needs, one must go to the NPCI app or website to verify the app. Never share card credentials like the CVV (which is used for online transactions) with anyone.
Also go for difficult-to-guess passwords for financial transactions like banking access or online purchases, and avoid using family member names or date of birth combinations while setting a password. We have seen many fraudsters scamming users by sending links in SMS to update KYC. Never click on any embedded links in such SMS or WhatsApp messages, or share your details like name and mobile number on a form. These SMSs are often credential-stealing scams disguised as ‘Urgent KYC update’. Similar discretion is recommended in sharing any biometric information like a thumb impression, or access to your Aadhaar number or Aadhaar validation OTP.
Despite the best of the technology driving digital, why is there a trust gap when it comes to digital transactions?
At present, there are tools/repositories of information with the government, banks and financial institutions, payment gateways and investigative agencies, but all of them are working in silos, thus benefiting the fraudsters. There is a need for a proactive framework to identify financial (hard fraud defined by RBI) and non-financial (soft fraud not defined by RBI) fraud by culminating these repositories into one and also by conducting social listening to develop risk profiles for individuals, which will help in defining the threat levels of a transaction before the transactions actually take place.