Over the last few years, the cyber threat in the financial system is increasing. In India, the RBI is giving constant warnings to the public about the various forms of cyber threat. Most of these are based on social media techniques, mobile phone calls, etc. Fraudulent players approach the people with false messages, spurious calls, false notifications, unknown links, unauthorized QR Codes, etc. Another method is promising help in securing concessions / expediting response from banks and financial service providers in any manner etc. in this context, following are the major cyber frauds in the digital financial space.
- Phishing and social engineering
Phishing is a method where spoofed emails and / or SMSs are sent to customers as if they are set by their bank / e-wallet provider and contain links to extract confidential details.
The phishing schemes target the user through phishing emails and social engineering methods, exploiting different communication channels (e.g. phone, email, SMS) and data about the user available in the public domain (e.g. social media sites, search engines).
Often the attackers collect data, using social engineering including credit card data and personal data about the users. In the dark web, the stolen credit/debit card or prepaid card details are sold and are used for fraudulent payments. Stolen personal data of the user can be used for impersonation attacks and for identity theft.
Vishing is a method where phone calls pretending to be from bank / non-bank e-wallet providers / telecom service providers are made to lure customers into sharing confidential details in the pretext of KYC-updation, unblocking of account / SIM-card, crediting debited amount, etc.
- Remote Access
Under this method, the attackers lure customers to download an application on their mobile phone / computer and through this, the attackers access all the customers’ data on that customer device.
- Collect request
Here, the attackers sent collect request on fake payment requests on UPI platforms and other payment modes asking the people to ‘Enter your UPI PIN’ to receive money.
- Sending fake numbers of banks etc
Here, the attackers sent fake numbers of banks / e-wallet providers on webpages / social media etc. to the customers. When the customers contact the number, they may submit personal financial data and thus get cheated.
Pharming is also known as DNS poisoning. It is a technically complex form of phishing that uses the internet’s domain name system (DNS). Pharming reroutes legitimate web traffic to a spoofed page without the user’s knowledge and in this way, the attackers steal valuable information.