Fraudsters 'hacking' consumers' minds to steal money

Customers need to be educated on appropriate digital behaviors and banks/financial institutions will have to play an important role in imparting this knowledge to public at large.

India's digital dream is becoming a reality. The country has surged ahead as the global leader in real-time payments with the volume of digital transactions growing multifold in recent years.

No one could have predicted this; not just in terms of growth but also in terms of availability of so many safe, secure, innovative, and efficient payment systems. Indians are embracing digital payments as they find it safe. India's payment ecosystem is protected through two-factor authentication, which makes it extremely difficult for fraudsters to steal money from consumers' bank accounts.

But despite the two-factor authentication people are falling prey to cyber fraud attacks. This is because fraudsters are increasingly using social engineering tactics to extract confidential banking information from customers. They are using scripts based on Greed, Threat, and Help ("GTH") and luring customers in sharing passwords, PINs, OTPs, and other confidential information. In a way, fraudsters are attempting to 'hack consumers' minds' as they are failing to manipulate the system.

Fraudsters have derived new ways to steal the second factor authentication details from the customers. They are creating fake websites (lookalike) and asking customers to click and fill in their credentials (customer ID, password, OTP, etc.), which are then used by fraudsters to do unauthorized transactions and defraud the customers. Customers, on the other hand, continue to believe that the secret code/information was not shared by them.

Hence, consumers need to be more careful while transacting digitally. Customers need to stay vigilant while clicking any link which is sent by any unknown person/number and should ideally refrain from submitting their secret codes/information on the sites which are opened through such links.

Today, most of the cyber frauds happen only when consumers, knowingly or unknowingly, share their confidential banking information with fraudsters, who pose as bankers, customer care executives, utility service providers, medical practitioners, buyers/sellers.

This is undoubtedly the golden era for evolution of digital payments in India. In fact, it is no longer an evolution but more of a revolution. Hence, there is an urgent and immediate need to spread awareness on safe banking habits among masses. Customers need to be educated on appropriate digital behaviors and banks/financial institutions will have to play an important role in imparting this knowledge to public at large.

Here is a list of dos and don'ts that customers need to follow while transacting digitally:

• Do not click unverified links sent via text or WhatsApp messages

• Be alert of fraudulent calls that ask you to download third-party apps on the pretext of resolving your complaint

• Mobile phone is your identity, in case it suddenly stops working, immediately place 'no debit' request on your connected bank accounts and contact your telecom service provider to get your service restored

• Visit only official websites for getting helpline/customer care numbers

• Do not share confidential banking information like passwords, OTPs, PINs, CVVs, etc. with anyone

• Beware, for receiving money through Unified Payments Interface ("UPI") you don't need to enter PIN or scan QR code

• Report unauthorized transactions in your bank account immediately, also report any such incident to the National Cyber Crime Helpline number by calling 1930

The author is Manish Agrawal, Head – Credit Intelligence and Control, HDFC Bank