Kohima, July 08 (NEx): The article on Law in Motion 27: Cyber Crimes 19- “Identity theft, Online banking Frauds, Psychological Tricks of social engineering & Virus Attacks”, written by Rupin Sharma, IPS.
Law in Motion 27: CYBER CRIMES – 19
Besides social media frauds, there are numerous other types of cyber- crimes, some of which can be bracketed as follows – (a) Identity theft (b) Online banking Frauds (b) Psychological Tricks of social engineering (d) Virus Attacks.
(a) Identity Thefts-
Identity theft is the act of wrongfully obtaining someone else’s personal information without their permission or consent. The personal information in question may mean only names or family details or data of birth of the victim or his or her family members or associates, personal medical records or data, documents pertaining to education or employment or jobs, data pertaining to bank accounts or insurance or financial or tax details, Aadhaar details, driving license, credit or debit card details or passwords or login details pertaining to online banking applications or online shopping websites or apps etc.
Identity thefts can have multiple adverse effects or implications for the victim or his associates. Some of the adverse implications are listed below:-
(i) Gain access to more information about family/ friends;
(ii) Gain access to bank accounts;
(iii) Apply for new credit/ debit cards etc;
(iv) Apply for new insurance policies or encash insurance policies by forging other records or documents;
(v) File for tax refunds and change nomination details in banks or financial institutions or for taxes;
(vi) Obtain new driving license or immigration documents or passports etc under assumed identities/old names;
(vii) Create new social media accounts with assumed identities;
(viii) Get medical treatments on your insurance papers;
(ix) Assume your identity on social media to defraud others;
(x) Give your name to police/law enforcement agencies at the time of arrest;
(xi) Commit crimes under your identity;
(xii) Defraud your friends by projecting desperation for himself.
Some examples of identity thefts are:
–Hacking or gaining access to Social Media Accounts –
Once the attacker/ fraudster knows your personal details, he can access your Social Media accounts and use it for posting undesirable content like videos or photos or documents or even comments to defame the victim.
Sending obnoxious messages to your contacts to cause differences or even invite hatred to you or tricking others to commit crimes against them.
–Misuse of Photocopies of ID Proofs–
Once the attacker has accessed copies of Identity papers, these can be used to steal money or impersonate on the internet and social media to cause more harm. The thief can obtain loans or do shopping etc. too.
–Credit/ Debit card Skimming –
Small devices called skimmers can be attacked to point of sale (PoS) machines. These skimmers can capture data from the magnetic strips of the credit and debit cards like card numbers or their validity or expiration data.
Similarly, skimmers can also be appended to ATMs to capture data and make online transactions or purchases.
Precautions for Identity Thefts-
(i) Keep your computer/ smartphone/ credit cards/ debit cards data secure;
(ii) Avoid using cards from unknown counters;
(iii) Never give your cards to people to swipe at hotels/ restaurants/ malls/ shops if these can be taken out of your sight;
(iv) Never write your CVV numbers on cards. Rub or scratch them off from cards. Surely it is not difficult to memorize 4 digit or 3-digit numbers.
(v) Do not disclose your OTPs to anyone – even to bank officials or persons impersonating as bank employees. No bank ever asks for OTPs.
(vi) Set-up two-stage verification for financial transactions.
(vii) Always use MOBILE LOCK FEATURES for mobile phones and
(viii) Do not leave mobiles unattended;
(ix) Use 2-step verification procedures for mobiles/computers especially for transactions;
(x) Register your mobile numbers with social media or mobile banking or internet banking websites or apps so that you receive alerts for transactions;
(xi) Always link bank accounts, Pan and Insurance Policies to mobile numbers or email addresses to receive transaction alerts or confirmations;
(xii) Delete any documents downloaded at public computers or cyber cafes.
(xiii) When giving documents for banks/public utilities, always write down the purpose/ office on the document to prevent any misuse of documents;
(xiv) Never provide details or copies of identity proofs like PAN Card, Aadhaar Card, Voter ID card, Driving License etc. to unknown persons or organisations;
(xv) Be careful while using ID proofs in suspicious places;
(xvi) Do not share sensitive personal information on public platform -e.g., Date of Birth, Aadhaar, PAN, Bank A/C, birth place, family details, address, phone numbers, email addresses etc.
(xvii) Always report suspicious transactions to police or banks wherever required;
(xviii) Immediately block credit cards/debit cards immediately upon learning of identity thefts;
(xix) Immediately change passwords/ PIN numbers for your bank accounts or mobile or smartphones or computers on any suspicion of any identity theft;
(xx) Immediately inform your friends/ associates and family members so that the fraudsters do not use your identity to con others.
(b) ONLINE BANKING FRAUDS –
Better connectivity, speed of internet and proliferation of mobile phones has meant that financial services are almost available at the doorsteps or on the mobiles and computers. Most banking services, right from opening of bank accounts to updating of accounts, banking transactions to confirmation of transactions are all shifting online. While internet or online banking facilitated banking, the availability of apps and UPI apps integrated with the mobile numbers, Aadhaar numbers have made banking reach all sections of people.
The traditional physical, hand-copies of forms or cheque books or passwords are no longer required if a user is literate and can operate a mobile phone. No physical contact with a bank or any other person is required to transact.
Just as services have shifted online, cyber frauds related to banking and online banking have also increased. Therefore, it is imperative that adequate caution and security be exercised by users.
Some of the examples of online banking frauds are: –
(i) Digital Payments Apps related Attacks – these attacks can take place by either use of outdated apps, or fraudulent/ fake apps or sharing of passwords, sharing of OTPs, sharing phones to others, compromise of the smartphones by phishing, vishing or smishing, or even hacking of smartphones;
(ii)Weak passwords for Bank Accounts – if a user has a weak password for bank account or for transactions, the account can be hacked. It is suggested that always use passwords which have at least 8 characters with al least one in Capital letter, one numerical and one symbol, Mix and match of such characters makes difficult to break the passwords.
Once a password is compromised and bank account is accessed, the attacker or fraudster can do anything with the money in the account;
The attackers/ fraudsters may also undertake fraudulent transactions like accessing pornographic websites etc. to defame the victims or even spend money on online gaming or betting etc.
(iii) Hacking multiple accounts-
Do not use the same password for multiple bank accounts because any compromise could lead to multiple accounts being compromised/ hacked by the attacker/ fraudster.
Precautions to prevent Online Banking Frauds –
-Never share your mobile unlocking PIN or passwords with anyone;
-Register your personal phone number and email with your bank and subscribe to notifications or alerts will immediately inform you about any transactions, including the ones you have not done;
-The notifications will alert users to unsuccessful login attempts to your bank accounts including your own unsuccessful attempts;
– Always review the transaction alerts to see whether either you have carried out the the transactions or you have authorized the transactions – e.g., locker rents, ATM charges, SMS notification charges etc.
– Always keep maximum transaction limits for your accounts for online transactions;
– To add new users or beneficiaries, always use the process of authorization by using OTPs and passwords. These steps will prevent the fraudsters from including new beneficiaries to your accounts – beneficiaries which may be fake or fraudulent;
– Secure your bank accounts using 2-step verification;
– Be careful while installing mobile banking applications;
– When accessing banking websites for online transactions, ensure to type bank name/ initials rather than clicking on links;
– While using websites, check if the URLs are https i.e., secure websites rather than only http.
– If possible, use virtual keyboards for punching in login names, passwords and OTPs.
– Report frauds to police.
– Use different passwords for different bank accounts;
– Make your passwords or PINs difficult to guess for a hacker or fraudsters who can access your personal details;
– If your online account has been hacked/ attacked, please immediately change passwords and ask the bank to BLOCK transactions quickly;
– Do not share your user names and passwords in the web browsers like chrome, edge, internet explorer, safari or mobile because if the browser data is compromised, the risk is immense.
By Rupin Sharma IPS