INFORMATION SECURITY AWARENESS keeping yourself and your family safe in a tech driven world
www.isea.gov.in www.infosecawareness.in
Agenda
Financial Safety and Security - Awareness
- E-wallet- Usage, security and Guidelines
- Insta loan frauds – during Covid-19
e-Wallet – Usage, Security and Guidelines
Information Security Education and Awareness (ISEA) Project Phase-II
Introduction
- Payment applications are freely available from many banks and financial institutions for online payments.
- Available on Android, iOS and many other smartphones.
- These applications use your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available).
- Most of us have switched from physical currency to e-wallet payments because they are flexible to use: payments, bills, transfers, investments, savings, and good offers on purchases as well.
Payment Apps
Types of Wallets and Activation
- Payment applications are categorized into bank-provided wallets, independent wallets, telecom wallets and third-party apps.
- All these applications require a registered mobile number (RMN), configured through bank A/c UPI / credit card / ATM card details for loading / referring money.
- Set a password
- Use fingerprint lock if available
Different types of Payment Apps
Threats to Payment Apps
A few security threats/frauds you need to know about:
- 1. OTP - Frauds
- 2. QR Code – Frauds
- 3. Screen sharing apps - “anydesk” or “quicksupport”
- 4. Customer Care numbers
- 5. KYC Verification frauds
- 6. Loan on Phone – Mobile app security concerns
1. OTP Frauds
- Never share the OTP of your payment app with anyone over a phone call.
- Fraudsters pretend to be bank officials and call for verification of the application.
- Bank officials / financial institutions never ask users for an OTP.
2. QR Code Fraud - A few tricks used by fraudsters
- The fraudster will share a QR code for payment of goods you purchased online / OLX.
- When you scan it and start the transaction, it asks for your PIN.
- Remember: when you are receiving money, you never give your PIN.
- Never share your QR code with anyone. It contains all your bank account details.
- Be careful while scanning and paying at shops.
3. Screen Sharing Apps
- Never download and install “anydesk” or “quicksupport”.
- If you install these applications, your mobile screen can be viewed by someone at the other end.
- They can capture your UPI PIN and other important financial passwords.
- Most customer care frauds happen this way. You may lose money.
4. Customer Care
- Never search for customer care numbers through Google.
- If you search, you get plenty of fraudulent customer care numbers.
- Payment wallets/apps have a help desk inside the app.
- Contact customer care support from within the app.
5. KYC Verification
- A bank official will never call you for KYC verification.
- If someone calls and tells you to verify your KYC or else your account will be blocked, never do it.
- Never click any links shared for verification of KYC.
- Never give access to, or install, apps like Anydesk or quick support apps. These apps steal your information.
- You lose your money from your bank.
Securing Mobile Applications:
- Update Payment Apps
- Update your payment apps from time to time.
- Added protection
- Every app has two-step verification, which we need to enable (it takes the screen lock as the default lock).
- Change your password regularly.
- Never share your password or OTP with anyone over call/SMS.
Financial Frauds increased during COVID-19 Pandemic situations
- There is an increase in cyber frauds during the lockdown period.
- OLX frauds, money-lending app loan frauds, online wine, stock broking/mutual – online investments, e-commerce, etc.
Loan on Phone
- Bank Apps:
- All top banks and money-lending institutions have their own apps and offer insta loans.
- These are as per the bank norms.
Non-Banking / Financial Institutions - Mobile Money Lending Apps:
What information do these apps collect for a single-click loan?
Modus operandi
- Scammers randomly call numbers, collected from the dark web, of prospective persons who are looking for loans and then use phishing techniques to collect money. Let me explain all three modus operandi separately.
(a) Fake agents representing corporates
- Scammers make random calls, send SMS / WhatsApp texts and gain confidence through telephone discussions. Victims are lured into sending their credentials, and in the next step they get a fake verification completeness certificate and a scanned copy of the cheque.
- After that, scammers ask the victim to send fake GST and support fees, and to gain the victim's confidence the scammers send a courier receipt for the cheque sent.
(b) Fake identity personal loan frauds
- Details of identity cards such as PAN / Aadhaar cards are bought by the scammers to apply for personal loans with morphed photographs. They open a bank account and maintain regular salary transfers, and then apply for loans. Once the loan is sanctioned, the scammer disconnects all communications.
- Usually victims come to know about the scam only when they apply for a new loan and see that someone has already applied for a loan on their identity (as reflected in CIBIL).
(c) Fake instant personal loan fraud
- Victims get SMS / WhatsApp texts about instant personal loans. When the victim calls the number and starts the process, the scammers ask them to fill in a few forms that request OTP / UPIN details, and the victim thereby loses money.
Source: Telangana Today.
How to safeguard yourself from such frauds
- Fraudsters in phishing scams obtain personal or financial information of the victim.
- Look for a secure payment page (https:// URL with a padlock symbol).
- Never share OTP / PIN numbers in any form with the buyer or seller.
- Never do transactions while you are on a call.
- Do not click or fill in any short links provided by the buyer or seller.
- Do not fill in Google forms provided by the buyer or seller.
- Do not scan QR codes; if you scan, it means money is getting debited from your account.
- A banker will never ask for an advance fee before processing a loan application. Banks charge a processing fee, which is deducted from the loan amount.
Case on Yes Bank App:
- Prateek is a victim of a PhonePe fraud and lost Rs. 50K.
- A fraudster called Mr. Prateek's phone; Truecaller on his mobile displayed the fraudster's number as Prateek's relative.
- Once Prateek picked up the call, the fraudster said: “I am your relative, and I have a problem with my YES Bank account.
- I will send you Rs. 20K, so deposit Rs. 20K back into the account number which I share with you over SMS.”
- When Prateek opened the SMS, he saw a link; when he clicked the link, it redirected to his PhonePe account and Rs. 50K was debited from his bank account.
How it happened?:
- He was shocked and did not understand why this had happened to him. When he went back and checked his old messages,
- Prateek found that he had received a similar link a few days earlier, posing as an offer on the Maya website (90% discount app), so he had clicked it and installed that application but never used it.
- A week later he received this call from the fraudster, which led to the loss of his hard-earned money.
- When he tried to raise a complaint with PhonePe, the customer care executive confirmed that he had entered the PIN, so they could not do anything.
- TIP: Never download mobile apps from unknown sources – here, a chain app referred by his friend over message.
Advisories:
- Never share your OTP, CVV or PIN with anyone unless you are sure that you are on a secure payment gateway of the platform.
- Your account is never blocked by any e-wallet unless you have carried out fraudulent activities.
- Never download and install “anydesk” or “quicksupport” applications to complete a re-activation process.
- Never share your QR code or scan a received QR code for payments.
- Never click unknown links for payment activities.
- Never verify your KYC through a phone call or a link.
- Never search for customer care numbers on Google / search engines – use the app help desk only, or look up the official website and call the number listed there.
- Also, do not park your funds in one account, so that you do not lose much in case you do end up falling for such a trap.
- Avoid using public/open Wi-Fi for financial transactions, as it is a haven for criminals looking to intercept your connection and use it to steal passwords, banking or credit card information, and other personal data.
- When using a secured network, make sure that the sites you are using are protected using SSL (Secure Sockets Layer), or consider using a VPN to protect your transaction.
- SSL websites start with HTTPS and have a padlock.
- How to check for SSL?
For the Mozilla Firefox browser: right-click a blank area of the screen and select “View Page Info” or “Properties”. Look for an entry for “Connection” or “Security”, which is followed by the encryption status and the protocol used.
Source: https://smallbusiness.chron.com/tell-website-using-ssl-53686.html
You can also see what permissions you have given by clicking the “Permissions” option.
Partially Encrypted Pages: HTTPS pages that also include content fetched over HTTP
- One simple way to identify non-HTTPS URLs on a web page and fix the mixed content warnings, for the Google Chrome browser:
- Open the problem web page in the Chrome browser on your computer. Right-click on the page and select Inspect from the context menu.
- The Developer Tools for Chrome will then show up.
- Click the Security tab; you will see the Security overview.
- Reload the page and, under the overview, look at the main and non-secure origins.
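An added example, not part of the original presentation: a small Python check that does offline what the Chrome Security tab steps above show, listing the resources an HTTPS page loads (or posts forms to) over plain HTTP. The page URL, the example.test hosts and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that fetch a subresource, and the attribute holding its URL.
# Active content can script the page; passive content is only displayed.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}
# Constructed sample page (hypothetical example.test hosts).
SAMPLE = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://cdn.example.test/pay.js"></script>
<script src="//cdn.example.test/ok.js"></script>
</head><body>
<img src="http://img.example.test/logo.png">
<form action="http://pay.example.test/submit"></form>
<a href="http://example.test/about">About</a>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":  # data typed into the form would leave unencrypted
            self._check("form-action", tag, attrs.get("action"))
        elif tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> kinds are not treated as subresources here
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))

    def _check(self, kind, tag, url):
        # Resolve relative and protocol-relative URLs against the page first.
        absolute = urljoin(self.page_url, (url or "").strip())
        if url and urlsplit(absolute).scheme == "http":
            self.findings.append((kind, tag, absolute))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings
```

Calling `find_mixed_content("https://wallet.example.test/checkout", SAMPLE)` reports the HTTP script, image and form target, and ignores the ordinary `<a>` link and the protocol-relative script, which inherits HTTPS from the page.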
Lost your money in e-wallet frauds? Here’s what you need to do
- In January 2019, the Reserve Bank of India (RBI) mandated that all users of mobile wallets be provided with the same safety as offered to regular credit or debit cardholders. Here's all you need to know.
- The central bank made it mandatory for all transaction SMSes that users receive from these platforms to have a contact number or email ID which can be used to report unauthorised transactions immediately, if necessary.
- RBI also asked digital wallet companies to set up 24x7 customer care helplines where people can report fraud or any loss or theft, in order to ensure that customers are assisted and given a full refund if a case of fraud occurred due to negligence or deficiency on the part of the wallet provider.
RBI Rules
Key Highlights
- A customer is liable for any loss caused due to unauthorised transactions if it happened because of their own negligence.
- If unauthorised or fraudulent transactions are reported within three days, the entire amount is to be refunded.
- If the fraud is reported within four to seven days, the transaction value or Rs 10,000, whichever is lower, will be refunded.
- If the fraud is reported after seven days, the refund will be as per the RBI-approved policy of the e-wallet company.
- Source: https://www.timesnownews.com/business-economy/personal-finance/planning-investing/article/lost-money-in-e-wallet-fraud-heres-what-you-need-to-do/520299
- Download the handbook on digital financial transactions: https://infosecawareness.in/handbooks