Online banking – Attack Vectors
Online banking enables bank customers to perform a range of financial transactions at their convenience, from anywhere at any time.
However, while enjoying these benefits, digital users also need to be aware of the possible threats and of the ways in which they may encounter them in the real world. This awareness helps them stay alert and counter the threats effectively with the necessary security measures.
Possible ways in which cyber fraudsters lure users in order to commit financial fraud:
Fraudulent calls on the pretext of
- Updating KYC
- Linking Aadhaar
- Winning free gift or a lottery
- Being a service provider, gas agency person, etc.
- Being a bank official offering to provide a loan, update a credit card, etc.
Fraudulent messages or links
- That appear to be from authorized Banks or Financial Institutions
- That seem to be offering free gifts or exciting offers
- That link to malware-infected apps, etc.
Modus Operandi for cyber frauds
The steps below describe how cyber fraudsters carry out frauds such as vishing and fake calls.
Vishing – Modus Operandi
- The fraudster contacts the customer by telephone, posing as a banker, company executive, insurance agent, government official, etc.
- To gain the user's trust, the fraudster shares partial user information (such as name, DoB, and address) obtained from different sources and asks the user to confirm it.
- The fraudster asks the customer to share their debit/credit card numbers, CVV, OTP, PIN, etc., on one pretext or another, such as unblocking the card, updating KYC, stopping a penalty, or claiming a prize amount.
- Once the fraudster has the financial details, they misuse them to commit financial fraud.
Fake calls - Modus Operandi
- The fraudster contacts the victim, pretending to call from the Income Tax Dept. about depositing a tax refund in the victim's account.
- They ask the victim for bank account details and gather financial information related to cards, expiry date, etc.
- The fraudster then tells the victim to share the OTP sent to their mobile so that the amount can be deposited.
- Once the victim shares the OTP, the money is deducted from their account.