Covid Impact - Increased Digital Adoption and Banking Cyber Frauds - How to safeguard Your Money?

Cyber Security is one of the most significant risks the banking industry currently faces.

Cyber Security is one of the most significant risks the banking industry currently faces. As technology advances rapidly, so do the scams associated with it. The reality is that digital banking has become a part of our daily lives today. While mobile app, internet banking and telephone banking greatly reduce the need to go to the branches and make fast transactions easier, the challenge before us is the rise of new cyber security threats.

Banks' digital transactions are growing exponentially. It reached its zenith during the Covidperiod. Moreover, online shopping has become commonplace. Today we have started buying everything from salt to camphor through cyber. Customers began to use Internet purchases for all purposes, and new customers began to arrive in cyberspace. The influx of new users and their lack of awareness on cyber security has increased the chances of criminals being scammed tenfold.

Today we live in a nominal society of people who do not have or use a credit card. Banks have seen an increase of seventy to eighty percent in digital or mobile transactions in recent times. Digital methods are creating a lot of opportunities for everyone to cut costs and make a profit faster. The time is not far off when transactions will be 100% digital.

By visualising all these, criminals have also infiltrated cyberspace, the reality is that a new area of ​​financial fraud is rapidly emerging. The fact that everything from petty frauds to large-scale robberies are happening in cyberspace today underscores the importance of strengthening our security measures. We read in the news that banks are being hacked and large sums of money are being laundered. Many banks understand the importance of cyber security and take necessary steps to enhance the measures on a large scale.

But while banks adopt many different security measures, fraudsters often find some very subtle cracks and exploit the weakness of the customers and often carry out their intended operations. It is a fact that while some banks give more importance on the security of their customer information and some may not be giving similar attention, allowing criminals to carry out their frauds at will.

Let's take a look at the common scams faced by bank customers:

SIM Swap 

This is a method that fraudsters use very strategically. The mobile number of the customer is a reliable factor when making financial transactions. Many banks are using the token number as a secure system to be sent as an sms before confirming bank transactions. There is a fraudulent method of obtaining a duplicate SIM card with the personal information and documents of the customer in various ways and using it to make bank transaction.The attackers target customers who are on vacation or living abroad. When the users are abroad they won't get the information that the Duplicate SIM card is activated as their mobile phone is switched off or out of range. Massive financial frauds have taken place using this method. There has been a proliferation of scams targeting wealthy expatriates and collecting their travel information in a well-planned manner. Sharing travel information on social media can add fuel to the fire. Switching off the mobile phone on trips or losing range during travel can be too late to find out about such scams.

What measures can be taken to protect?

1. Contact your telephone company immediately if you notice that your phone is suddenly out of range or your SIM card is disabled.
2. When you travel, especially to other countries, you should definitely make sure that your SIM card is not disabled. If you can use the roaming service, do so. If none, make sure you get at least sms messages. When your phone is switched off or out of range for a long time, various scams may go unnoticed and thus losses may occur as you may not be receiving the relevant notifications. If you stay away from the country for a long time, contact the bank and try to see if you can freeze your account transactions. Another way is to entrust a trusted person to look after the account transactions related notifications.
3. Make sure your information and numbers with banks and telecom companies are always up to date. Make sure to know from telecom about all the services and numbers that are on your name.
4. Avoid unnecessary sharing of your personal information such as Emirates ID, passport copy, email, phone number and address.
5. Do not post personal information, including travel or other details (that could be exploited) on social media or other public forums.
6. Do not share security questions and answers related to the bank with anyone.

Phishing

"Phishing" emails have been one of the most common threats to the Internet since its inception. Criminals and other fraudsters use such emails for various purposes. "Phishing" emails are often used to capture people's bank information and other valuable data, as well as financial exploitation and preparation for more extensive attacks. Fraudulent use of credit card numbers and bank account numbers are on the rise. Attachments and links in emails may be tempting to click, which may lead to stealing information, malware being installed on a computer, or bank fraud. Statistics show that during 2018-19, 94 percent of companies faced cyber threats and related phishing emails.

What measures can be taken to protect?

1. You need to make sure your computer and internet connection are always secure. Install the latest version of the operating system, antivirus, firewall, etc. should always be kept updated.
2. Keep your email security (Spam Filtering) properly configured so that spam/ phishing emails will be blocked as much as possible.
3. Handle the emails you receive with alertness and due diligence. Be sure to open the email only after confirming the sender and address (more confirmation by looking at the Email Header). Always double-check before opening attachments and links. It is always safe not to click. Hover over the links to display the actual website address.
4. Fraudulent emails are very common these days, claiming to belong to the bank, but do not click on the link in the emails or pass on any information for any reason.
5. Be careful not to install the software by clicking on such email attachment or link. Clicking on it may unknowingly install malware.
6. In the event of an accidental click or transfer of any information, the person concerned in IT or information should be notified immediately and other security measures should be taken. The computer or phone may need to be reinstalled.
7. Important data should always be proactively and securely backed up.

Vishing 

Instead of “email phishing” if a fraudulent call is made to a telephone it is called "vishing". These scammers will somehow gather potential phone numbers and approach the victims after gathering some additional information from social media or other means. They will try to carry out their intentions by pretending to be from a bank official or from the Central Bank and make various fake communication that call is regarding blocked ATM cards or Emirates ID updation. In some cases, fraudsters make the victims type in and obtain card information or other valuable data through certain websites. 

Similarly, fraudsters may call the victims to receive the verification SMS pretending to be from  some banks after obtaining their information through payment services on the mobile app (which they previously possessed). If you share your token number or your bank pin number unknowingly, the money may be transferred to the fraudster's account immediately. There are cases where your whatsapp is hacked by phone call like this. They will install WhatsApp using your number on their phone and manipulate you to send an “SMS confirming whatsapp” number which will be easy for them. It will be difficult and  may take a few days to recover your "WhatsApp" back. If they set up a PIN on WhatsApp, then our attempt to regain will be very difficult.

What measures can be taken to protect?

1. Be careful not to get deceived over the phone or by any other means if they forced you to give any information.
2. Even if the call comes from a mobile number you have to be careful. Mostly it would be a fraud call. Disconnect the call soon without talking much to them.
3. If they are trying to ask for your valuable information through the phone call, disconnect the call without passing any information. Do an enquiry by calling the bank's real number from it's original website or card.
4. Do not share any information like, PIN number, SMS token, password, etc. with anyone.
5. Set up WhatsApp by following it's security instructions. Set up the PIN Number for extra security.
6. Remember that no one just gives you anything for free. 

Lottery Scam (Prize Scam)

Nowadays, everybody gets a phone call, whatsapp or sms message saying a “big prize is awaiting”. In the past, such emails came from certain countries, but now they come in other ways and are sent in a more reliable way, including “pretending” as the companies we know well. For the past many years fraudsters have been using  the name of telephone companies in the UAE, the big supermarket, and the various well-known banks to make promises to send prizes, hack victim’s whatsapp and ask them to pay money as a charge to send prizes. Although the police have nabbed many such scams, it does not take long for new ones to emerge as victims are easily awaiting to fall to these traps, due to their greediness or ignorance. In some cases, such messages may come from a familiar phone number. In reality they might have hacked WhatsApp of your contact person and have sent those messages. This is the reason why more victims fall prey to these scams.

What measures can be taken to protect?

1. Do not try to answer the call, sms, whatsapp from an unknown number nor call them back.
2. If there are any suspicious messages or actions from a known phone number itself, never call them or contact them through the same number rather contact through some other way.
3. If you receive such messages never hand over credit card number, PIN number or sms token. 
4. If you receive such messages do not click on the links in such messages or try to contact in the number shown.
5. If you have doubt, try to get the actual number of the company who has to send you the prize and call them (be very careful while searching for the actual number).
6. Never transfer any money to the account number shared through such messages.
7. Unknowingly if you have shared any of the information, immediately call your bank and change your bank related passwords and PIN numbers. You may instruct to deactivate your account/card temporarily.
8. Always keep in mind that no one gives anything away for free. Remember that we do not win prizes in any competition in which we do not participate.
9. Make sure that the posts you make on social media are only viewed by people you know. Posts that you consider to be harmless may be used by fraudsters to obtain more information about you or your loved ones and to commit fraud.

Credit Card Fraud 

Credit card usage is on the rise these days. The scams associated with it are varied. In addition to the above listed scams, card skimming to leaks of card information have disturbed the banks and customers alike. Banks and card companies (MasterCard, Visa Card) try to take a pro-customer stand on many card-related scams. Moreover, there are various systems available nowadays to monitor such scams. 

However, keeping a card with a small limit for online use may reduce the value of the money lost even if it is exploited for some reason. Similarly, when using the card online, make sure that the website is authenticated and that the page is https (locked). 

Also we should try to make sure that the website belongs to the company we intended. The card used online must be verified with sms or password. Such cards offer more security. 

Make sure that for all the important transactions of the cards, we are getting sms confirmation. Extreme care must be taken when using the card at petrol stations and other establishments. Do not try to use or tell others CVV number or PIN number.

ATM Security 

ATM scams are coming back with new methods.

There are frauds ranging from attaching skimming equipment to machines, obtaining PIN numbers through cameras and hacking banks by installing malwares through a technique called "jackpotting".

When using an ATM, make sure no one else is around you. While typing the PIN number always hide using your other hand.

Make sure there are no unnatural devices or plastic in the card slot. If anything suspected found immediately inform the security guard. Ensure to keep the money withdrawn and all the transactions safely.

General precautions for the security of bank transactions 

What precautions should be taken as the criminals are targeting the public in different manners or forms?

1. Check your bank account regularly. The most important thing is to make sure that the money you have deposited, or have in the account, is still there. 

If anything suspicious is found, the concerned officials of the bank should be contacted immediately and necessary action should be taken. Writing complaints is very important. Try to contact the police immediately. You can file a police complaint online. 

(Abu Dhabi Police -  https://www.adpolice.gov.ae/en/aman/Pages/default.aspx Dubai Police - ecrime.ae)

2. You have to know exactly how your account is secured. Most of the time we are unaware of the security features we have. Only when money is lost we inquire and come to know about the features. Doing this as a precaution can often help us. For example, if we lose our bank debit or credit card, we can immediately report the loss to the bank to avoid further pitfalls. Enable SMS confirmation or two factor authentication, where it is possible.

3. Sometimes paper statements can be very useful. As in this age of increasing cyber security threats, we lose all of our electronic information so to overcome this it is the only option we have.

4.  Do not share bank documents or other related information with anyone for any reason. Whether it is a bank employee (call center) or not. Various scams can take place once your personal and bank information has been collected. Big scammers can  smartly gather more information using the information that you think is very harmless.

5. Always try to use a strong password. If the bank provides tokens or other technological features don't forget to set it up.

6. Make sure the computer you use is secure when you are making financial transactions/purchases. Computers in public places may not meet the security standards. Some malwares are capable of sending messages you received to hackers. In this way fraudsters may even get the sms token you receive. Some will be able to send your speech and video. Similarly, you need to make sure that the app used for banking or online shopping is original.

7. Make sure to receive notifications for all bank transactions. Contact the bank immediately if you notice any changes. Regularly try to read and understand the messages coming from the banks in detail.

8. Never reply or take actions or click/share information or transfer money in a hurry. Take all actions with due diligence after seeking the help of experts. If any call or message that puts you under more pressure, do not accept it, or disconnect the call, and block the number.

9. If you find any suspicious messages or account transactions, or money loss, immediately notify the bank and the police with available evidence. 

For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.

You may be interested in reading: How to Survive the COVID Time Cyber ​​Security Threats?