The average thief isn’t on the streets or in train stations anymore; they are online. A recent report by ACI Worldwide found that attempted digital fraud has been on the rise. The report stated that the share of suspected fraudulent digital transaction attempts originating from India increased by 28.32 per cent over the 12 months ending March 2021 compared with the previous 12 months. Most recently, a woman from Madhya Pradesh lost close to ₹40,000 after a hacker gained access to her digital wallet.
Even though the method of each fraud is unique, the idea behind social engineering fraud remains the same. These frauds are carried out by attackers who interact directly with their victims, calling them and posing as an executive. Eventually, the victims are misled into giving up sensitive information, which can allow access to their digital wallet or even their bank account. More often than not, bank accounts are linked to digital wallets, potentially compromising both. Hackers use various techniques like vishing, shimming and phishing when conducting such attacks.
The most common frauds taking place today are:
1) Know Your Customer (KYC) fraud
Fraudsters pose as company officials to dupe the victim into revealing sensitive information on the pretext of completing their Know Your Customer (KYC) formalities. They are known to convince victims to grant remote access to their devices, supposedly to assist in completing the KYC process. Unfortunately, once remote access has been granted, it’s already too late!
2) SIM-Port fraud
This is a dangerous scam in which gullible victims share their 10-digit unique SIM card number with cybercriminals posing as telecommunications executives. The scammers use this unique SIM card number to initiate a porting request, after which the SIM is shut down for 24 hours. Within those 24 hours, the scammers have a new SIM issued on the same number and then use it to log in and reset the victim’s mobile wallet, net banking, UPI, and other log-in details.
3) QR Code fraud
Online marketplaces are a playground for hackers to conduct such scams. After seeing a classified ad, they pose as potential buyers and target the individual who posted it. Once the deal is finalised, the fraudster shares a QR code with the victim, asking them to scan it to receive the payment. This is where victims are compromised.
4) Counterfeit Customer Care fraud
Attackers post phony customer care numbers on Google, Twitter, and Facebook to dupe customers into calling them instead of the company they want to register a complaint with. Once again, the scammers pose as a company executive to obtain vital financial information from the victim.
5) Cryptocurrency fraud
In January, multiple Internet celebrities had their social media handles compromised. Once hackers gained access to their handles, a video was posted advertising a token and asking for deposits of a specific cryptocurrency to a particular wallet address. There are numerous cases where Ponzi cryptocurrencies have been hyped, and investors have lost all their money to con artists who disappear from the face of the Earth.
How to prevent such attacks on your digital wallets:
1) Check Your Financial Statements
This is the most essential step to avoid any digital payments fraud. Once you get into vetting your statements, spotting irregularities will become second nature.
2) No Company Exec Will Ask for Remote Access
Customer service representatives will never ask you to give them remote access to your device. The most common remote access tool used in such attacks is AnyDesk. Individuals should never share their unique AnyDesk code with anyone, and should remember that company executives will never ask for Debit or Credit Card details over the phone. Ask for the main switch/reception number and their extension to challenge and verify who they are.
3) Never Scan Unknown QR Codes
To prevent the most common QR code fraud in India, one must remember the fundamental principle of Unified Payment Interface (UPI): individuals never have to scan a QR code, or click on a link received through an SMS or email, to receive payment.
4) Enable Two-Factor Authentication
Use SMS-based two-factor authentication to safeguard your accounts from being taken over. For example, even if your password gets leaked, only you receive the OTP via SMS that is required to access a digital payment site or app.
5) Only Download Digital Wallet Apps from Official Websites
If you ever receive a link via SMS or email to install a new wallet, there is a high chance that it is rigged. So always download digital wallet apps from their official websites.
6) Look for SSL encryption and PCI DSS-Compliance
While making any payment via a browser, a simple but effective measure every individual can take is to ensure the payment page is HTTPS-based. Always look for the sacred “s” in “https” at the beginning of a URL, or a lock icon. If you are using a digital payment app, make sure the app is PCI DSS compliant. Always check what security measures your digital payments app has undertaken.
7) Cross-check every new cryptocurrency
Individuals must avoid getting swayed by the fear of missing out (FOMO). So, if you spot a celebrity or social media influencer endorsing a new cryptocurrency, wait. Don’t blindly follow what’s instructed.
8) Stop password reuse
Never reuse the same password on multiple websites. All it takes is for an attacker to compromise one site, and they can then try their luck with those same credentials on various other sites. Use a password manager, which stores the password in the browser or the operating system.
The bottom line is that young Indian netizens cannot let their guard down in today’s digitally powered reality and need to be aware of all digital payment protocols. Individuals need to be careful about who they follow and not get easily influenced by digital personas. It is also imperative not to be impulsive: in most cases of digital wallet fraud, the victim at some point makes a hasty decision, allowing the attacker to find loopholes and steal confidential data. As Stephane Nappo aptly puts it, “The five most efficient cyber defenders are Anticipation, Education, Detection, Reaction and Resilience.”
About the author: Sean Duca is the Vice President and Regional Chief Security Officer for Asia Pacific & Japan at Palo Alto Networks. He’s based in Australia. Views expressed here are the author’s alone.