Since the advent of the COVID-19 threat, nations have resorted to a complete ‘Lockdown’ and have been encouraging people to stay at home, as also work from home. This then has driven the users to operate from home on the only digital means of Internet based working. The extensive use of the internet has inturn motivated Fraudsters and Cyber Criminals to leverage technology and entice users on the internet into becoming cyber crime victims. This Digitally Savvy perpetrators have been able to use collated data of customers and select the form of attack and cheat customers through available conventional cyber attacks, like phishing, SMS based attacks.
It is a known fact, that in India, many of the customer data including ‘savings bank account numbers’, ‘AADHAR Card details’, ‘PAN’ and so on, are easily available to cyber criminals. A typical crime has been going around after the Reserve Bank of India (RBI) had announced a three-month moratorium on all types of payments, loans, and credit cards bills between 31 March 2020 and 31 May 2020. This has been done by the Government to provide a level of ease, to the consumers, who will be facing difficulty to pay EMI due to job loss or non-payment of salary during the lockdown period. Though this comes as a ray of hope for many; it can also be a misery for those who may fall into the hands of Fraudsters, who are planning to make a fast buck through crime at the behest of the pandemic due to coronavirus.
Even as customers await communication from their banks to avail the government benefit, scamsters’ having privy to information over the Internet or other related means are using that data to steal money. These Operatives have come up with a new modus operandi to defraud customers. These scammers first call up customers claiming to be a relationship manager of their bank and ask for their account credentials for ‘safety purposes’. In many cases, based on this data, the criminal generates a one-time-password which they then somehow take from the customer, and once this is shared, the customer’s account is cleaned out.
In a related incident, the fraudster used the data of a customer from the customer complaints addressed to a bank. As some customers provide sensitive data, including the account number linked to their phone number on Twitter or on banks’ website, phishers gather this data to lure customers into believing that they are legitimate bankers. Once the customer is lured into believing that the caller is a banker, they provide their sensitive information to the phisher on call and then fall victim to them.
Major banks in India including HDFC Bank, ICICI Bank, SBI and others are warning citizens about this new scam. Banks have been alerting their customers of cyber frauds that can happen while availing EMI moratorium. On 05 April 2020, the State Bank of India (SBI) tweeted this: “Cyber fraudsters keep finding new ways to scam people. The only way to beat the cybercriminals is to Be Alert & be aware. Please note that EMI Deferment does not require OTP sharing. Do not share your OTP.” ICICI Bank, too, has been warning customers about this via emails to their customers and through social media. “In some cases, fraudsters are calling customers, asking them for an OTP to avail the moratorium announced by banks to defer their EMIs. Once the OTP is shared by the customer, the fraudsters siphon off money from their account immediately,” ICICI Bank stated in an advisory.
This heartless attitude is being used to make a fast buck, even during the ongoing COVID-19 pandemic. These criminals see an opportunity to dupe gullible customers of their savings. Citizens in the rural areas and those not exposed adequately to the digital world are most vulnerable. Senior citizens who seldom use the internet for digital transactions, are more prone to be defrauded by phishers. Remember, no link is safe, no call is true, and no amount of digital safety is completely adequate.