To prevent “Cyber Frauds,” the RBI has published guidelines on “Safe Digital Banking” practices and advised all parties concerned to be extremely cautious of fraudulent messages, spurious calls, unknown links, false notifications, and unauthorised QR Codes, among other forms of online misrepresentation.
The Reserve Bank of India (RBI) has noticed that dishonest people are defrauding and misleading members of the public through relatively new channels such as mobile phone calls, social media, and other similar methods.
As a result, the RBI has issued a warning to the general public to be on the lookout for fraudulent messages, bogus calls, unknown links, false notifications, and unauthorised QR Codes, all of which promise assistance in obtaining concessions or expediting responses from banks and financial service providers.
Modus Operandi used by Online Fraudsters
According to the RBI Advisory, fraudsters operating online make an effort to obtain sensitive information such as user id, login or transaction password, OTP (one-time password), debit or credit card details such as PIN, CVV, expiration date, and other personal details by employing any of the following common methods of operation:
i) Phone calls purporting to be from a bank, a non-bank e-wallet provider, or a telecom service provider that try to deceive customers into divulging confidential information on the pretext of KYC updating, unblocking of an account or SIM card, crediting a debited amount, etc. Vishing is another term for these types of phone calls.
ii) Phishing is the practice of sending customers forged emails and/or text messages with the intention of leading them to believe that the communication has come from their bank or e-wallet provider. These messages typically contain links that can be used to steal confidential information.
iii) By luring a customer to download an application on their mobile phone or computer, an attacker can gain remote access to all of the customer’s data stored on that device.
iv) Misuse of the “collect request” feature of UPI by sending fake payment requests with messages like “Enter your UPI PIN” in order to receive money.
v) Fake contact information for banks or online wallet providers is posted on websites or shared on social media platforms and displayed by search engines and other online services.
RBI’s Safe Digital Banking Practices
When it comes to carrying out any digital (online or mobile) banking or payment transactions, the RBI strongly recommends that members of the general public practise safe digital banking by taking all necessary precautions. These will assist them in preventing losses of any kind, whether financial or otherwise:
i) You should never tell anyone, not even bank employees, specifics about your account, such as your account number, login ID, password, PIN, UPI-PIN, OTP, or details about your ATM card, debit card, or credit card. This is true even if they claim to be from the bank.
ii) Any phone call or email that threatens to block your account on the pretext of non-updated KYC information and suggests that you click a link in order to update this information is a common method of operation used by fraudsters. Do not respond to offers that could get your “Know Your Customer” requirements updated or rushed through. Always make sure to access the official website of your bank, NBFC, or electronic wallet provider, or get in touch with the branch.
iii) Do not download any apps from sources you are not familiar with on your phone or other device. Such an app may be able to access your private data.
iv) It is not necessary to scan barcodes or QR codes or enter your MPIN in order to complete transactions involving the receipt of money. If you are asked to do so, proceed with extreme caution.
v) When looking for contact information, you should always go to the official website of the bank, NBFC, or e-wallet provider. It’s possible that the contact numbers listed on internet search engines are fake.
vi) Be sure to check the spelling of any URLs or domain names you receive in emails or text messages. For safe and secure online banking, you should restrict yourself to using only those websites and applications whose addresses begin with “https”. If you have any doubts, you should tell the local police or the cybercrime branch right away.
vii) Immediately contact your bank or e-wallet provider if you receive an OTP for a debit from your account for a transaction that you did not initiate. If you receive a debit SMS for a transaction that has not yet taken place, you should immediately contact your bank or the provider of your electronic wallet and block any and all modes of debit, including UPI. If you have reason to believe that your account has been subject to fraudulent activity, you should check to see if the beneficiary list that is enabled for internet and mobile banking has been updated.
viii) You should never tell anyone else the password for the email account that is connected to your bank or e-wallet account. You should avoid using the same password for e-commerce and social media sites, as well as for your email account and any bank accounts that are linked to that email account. Avoid conducting financial transactions through open, public, or free networks.
ix) When registering for any website or application that uses your email address as the user ID, do not use the word “password” as the password for your email account. If your email is linked to your account, the password you use to access your email should be unique and should not be used for accessing any other websites or applications.
x) Don’t listen to people who tell you that money has been deposited on your behalf with the RBI so that you can get money from abroad, commissions, or lottery wins.
xi) It is important to make it a habit to check your email and voicemail on a regular basis for alerts from your financial service provider. Notify your bank, NBFC, or service provider of any unauthorised transactions as soon as possible so that they can immediately block your card, account, or wallet to prevent further losses.
xii) Keep your cards safe and establish a daily spending limit for yourself. You also have the option to set limits and activate or deactivate the feature for domestic or international use. This can limit losses due to fraud.
The RBI has advised people to use “safe digital banking practices” to ensure that they can use online services securely. People can reduce their chances of becoming a victim of online fraud by following the tips above and remaining vigilant.
RBI Press Release dt. 28/01/2022: Consumer Awareness – Cyber Threats and Frauds (Advisory/ Guidelines on Safe Digital Banking Practices to Avoid Cyber Frauds)