
www.infosecawareness.in Agenda: Financial Safety and Security


  1. INFORMATION SECURITY AWARENESS: keeping yourself and your family safe in a tech-driven world • www.isea.gov.in • www.infosecawareness.in

  2. Agenda: Financial Safety and Security Awareness • E-wallet: usage, security and guidelines • Insta loan frauds during Covid-19

  3. e-Wallet – Usage, Security and Guidelines • Information Security Education and Awareness (ISEA) Project Phase-II

  4. Payment Apps: Introduction • Many banks and financial institutions make payment applications freely available for online payments. • They are available for Android, iOS and many other smartphones. • These applications use your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available). • Most of us have switched from physical currency to e-wallet payments because they are flexible to use: payments, bills, transfers, investments and savings, with good offers on purchases as well.

  5. Types of Wallets: Different types of Payment Apps and Activation • Payment applications are categorized into bank-provided wallets, independent wallets, telecom wallets and third-party apps. • All these applications require a registered mobile number (RMN), configured through bank account UPI / credit card / ATM card details for loading / referring money. • Set a password. • Use the fingerprint lock if available.

  6. Threats to Payment Apps

  7. A few security threats/frauds you need to know about: 1. OTP frauds 2. QR code frauds 3. Screen sharing apps - “anydesk” or “quicksupport” 4. Customer care numbers 5. KYC verification frauds 6. Loan on Phone - mobile app security concerns

  8. 1. OTP Frauds • Never share the OTP of your payment app with anyone over a phone call. • Fraudsters pretend to be bank officials and call for verification of the application. • Bank officials / financial institutions never ask users for an OTP.

  9. 2. QR Code Fraud - A few tricks used by fraudsters • The fraudster will share a QR code for payment of goods you purchased online / on OLX. • When you scan it and start the transaction, it asks for your PIN. • Remember: when you are receiving money, you never give your PIN. • Never share your QR code with anyone. It contains all your bank account details. • Be careful while scanning and paying at shops.

  10. 3. Screen Sharing Apps • Never download and install “anydesk” or “quicksupport”. • If you install these applications, your mobile screen can be viewed by someone at the other end. • They can capture your UPI PIN and other important financial passwords. • Most customer care frauds happen this way. You may lose money.

  11. 4. Customer Care • Never search for a customer care number through Google. • If you search, you get plenty of fraudulent customer care numbers. • Payment wallets/apps have a help desk inside the app. • Contact customer care support from within the app.

  12. 5. KYC Verification • A bank official will never call you for KYC verification. • If someone calls and tells you to verify your KYC or else your account will be blocked, never do it. • Never click any links shared for KYC verification. • Never give access to or install apps like Anydesk or QuickSupport. These apps steal your information. • You lose money from your bank account.

  13. Securing Mobile Applications: • Update payment apps: update your payment apps from time to time. • Added protection: every app has two-step verification, which we need to enable (it takes the screen lock as the default lock); change your password regularly; never share your password or OTP with anyone over call/SMS.

  14. Financial frauds increased during the COVID-19 pandemic • There is an increase in cyber frauds during the lockdown period. • OLX frauds, money lending app loan frauds, online wine, stock broking / mutual fund online investments, e-commerce, etc.

  15. Non-Banking / Financial Institutions - Mobile Money, Loan on Phone lending apps: • Bank apps: • All top banks and money lending institutions have their own apps offering Insta loans, which are as per the bank norms.

  16. What information do these apps collect for a single-click loan?

  17. Modus operandi • Scammers randomly call numbers, collected from the dark web, of prospective persons who are looking for loans, and then use phishing techniques to collect money. Let me explain all three modus operandi separately. (a) Fake agents representing corporates • Scammers make random calls, send SMS / WhatsApp texts and gain the victim's confidence through telephone discussions. Victims are lured into sending their credentials, and in the next step they get a fake verification completeness certificate and a scanned copy of the cheque. • After that, the scammers ask the victim to send a fake GST and support fee, and to gain the victim's confidence they send a courier receipt for the cheque. (b) Fake identity personal loan frauds • Scammers buy the details of identity cards such as PAN / Aadhaar cards and use them to apply for personal loans with morphed photographs. They open a bank account and maintain regular salary transfers, and then apply for loans. Once the loan is sanctioned, the scammer cuts off all communication. • Victims usually come to know about the scam only when they apply for a new loan and see that someone has already applied for a loan on their identity (as reflected in CIBIL). (c) Fake instant personal loan fraud • Victims get SMS / WhatsApp texts offering instant personal loans. When the victim calls the number and starts the process, the scammers ask them to fill in a few forms that request OTP / UPIN details, and they thereby lose money. Source: Telangana Today.

  18. How to safeguard yourself from such frauds • Fraudsters in phishing scams obtain the victim's personal or financial information. • Look for a secure payment page (https:// URL with a padlock symbol). • Never share OTP / PIN numbers in any form with the buyer or seller. • Never do transactions while you are on a call. • Do not click or fill in any short links provided by the buyer or seller. • Do not fill in Google Forms provided by the buyer or seller. • Do not scan QR codes; if you scan, it means your money is getting debited from your account. • A banker will never ask for an advance fee before processing a loan application. Banks charge a processing fee, which is deducted from the loan amount.

  19. Case on Yes Bank App: • Prateek is a victim of a PhonePe fraud and lost Rs. 50K. • A fraudster called Mr. Prateek's phone; Truecaller on his mobile displayed the fraudster's number as Prateek's relative. • Once Prateek picked up the call, the fraudster said: "I am your relative, and I have a problem with my YES Bank account. • I will send you Rs. 20K, so deposit Rs. 20K back in the account number which I will share with you over SMS." • When Prateek opened the SMS, he saw a link; when he clicked the link, it redirected to his PhonePe account and Rs. 50K was debited from his bank account.

  20. How it happened: • He was shocked and did not understand why this had happened to him. When he went back and checked his old messages, • Prateek found that he had received a similar link a few days earlier, posing as an offer on the Maya website (90% discount app), so he clicked and installed that application but never used it. • A week later he received this call from the fraudster, which led to the loss of his hard-earned money. • When he tried to raise a complaint with PhonePe, the customer care executive confirmed that he had entered the PIN, so they could not do anything. • TIP: Never download mobile apps from unknown sources (here, a chain app referred by his friend over message).

  21. Advisories: • Never share your OTP, CVV or PIN with anyone unless you are sure that you are on the secure payment gateway of the platform • An e-wallet never blocks your account unless you have done fraudulent activities • Never download and install “anydesk” or “quicksupport” applications to complete a re-activation process • Never share your QR code or scan a received QR code for payments • Never click unknown links for payment activities • Never verify your KYC through a phone call or a link • Never search for customer care numbers on Google / search engines; use the app help desk only, or look up the official website and call the number listed there

  22. • Also, do not park your funds in one account, so that you do not lose much if you do end up falling for such a trap. • Avoid using public/open Wi-Fi for financial transactions, as they are a haven for criminals looking to intercept your connection and use it to steal passwords, banking or credit card information, and other personal data. • When using a secured network, make sure that the sites you are using are protected using SSL (Secure Sockets Layer), or consider using a VPN to protect your transaction. • SSL websites start with HTTPS and have a padlock.

  23. • How to check for SSL? For the Mozilla Firefox browser: right-click a blank area of the screen and select “view page info” or “Properties”. Look for an entry for “connection” or “Security”, which is followed by the encryption status and the protocol used. Source: https://smallbusiness.chron.com/tell-website-using-ssl-53686.html

  24. You can also see what permissions you have given by clicking the “Permissions” option.
