The novel payment frauds in the times of Corona Virus
I recently tried transferring Rs. 1750/- to a payee account with a nationalized bank using IMPS. It is instantaneous, and my bank allows me to do IMPS transactions up to Rs. 5000/- without any formal registration.
I did that, and I received the confirmation message along with the IMPS reference number. I texted the payee that the money is transferred. So, that’s it.
The only hitch was that the payee did not receive the money. I asked him to wait as probably his bank’s messaging system wasn’t working, and he didn’t get a confirmation message. He is not someone who was using Internet banking. He had to go to the ATM the next morning to figure out that the said amount was not credited.
That’s when I relooked at the message that I received on the payment confirmation. I have made a mistake while typing the payee account number. I have keyed in 612 instead of 162 as the last three digits, which got credited in someone else’s account.
Now, what were the options that were available for me? There were very few as an IMPS transaction cannot be recalled. However, the payee bank was helpful. I spoke to the bank staff on the phone, sent them an email with the IMPS reference number and the transaction details.
They called the account holder with the number ending 612, and he agreed that he had received the said amount, and he wasn’t sure as to who has transferred. He decided to move that money into the original payee’s account, and the issue was settled.
In my case, the said amount was less, and the person who received the credit was extraordinarily kind and reachable. He did the needful immediately. Otherwise, it would have been a time-consuming affair.
Why is this relevant?
While this anecdote is not a fraud per se, these kinds of techniques can be used as deceptions by fraudsters. The created deceptions with the available technology make it easier for fraudsters to dupe.
Some of the examples are:
- While the PM Cares fund had pmcares@sbi as the official VPA, the fraudsters did away with loads of money using various handles like pmcarefund@sbi, care@sbi, pmcare@sbi, pncare@sbi, pncares@sbi, pmcaree@sbi, pmcaress@sbi, pmcares@hdfcbank, pmcares@pnb, pmcares@icici, and so on.
- At the beginning of the lockdown, masks and hand sanitizers were in short supply. Cybercriminals set up fake e-commerce sites selling sought after items in short supply. It would look like a proper e-commerce site where you make the payment. The goods never get delivered, and you go back to access the website, and you figure that the site is shut down.
- Very recently, online delivery of liquor was being spoken about in TamilNadu. Suddenly, a link sprung up with the URL https://try-tasmac.web.app/, and it turned out to be fake. In these cases, you don’t even want to complain anywhere as you are worried about getting shamed
- When RBI announced the moratorium, fraudsters called gullible customers posing as bank representatives. They tricked borrowers into sharing bank details and the OTP details, and they did away with the money in their accounts
- Malware and phishing – messages were sent stating that Netflix accounts were being provided free of cost for the entire lockdown period. When people click on it, malware gets installed on your computer or mobile, and they can even live relay your screen to the fraudsters. Besides, around 4000 domains have been registered in the past three months with keywords like COVID, Corona, Virus, and Vaccines. About 1700 domains were registered with the keyword Zoom. Criminals used these domains for phishing attacks.
Recently, there was a survey conducted by YouGov and ACI Worldwide with over 1000 Indian consumers. They figured that half of the Indian consumers were concerned about digital payments fraud.
Some of the key findings include:
- Nearly 1/3rd have been recent victims of card or digital payments fraud or know someone among their immediate family or friends who has been defrauded
- Fake apps and websites rank among the topmost concerns followed by compromised credentials and spyware/malware infections
- Card cloning is the biggest concern when it comes to credit and debit transactions
How do you overcome all of this?
Some of the pointers that you can use are:
- Never share your bank details, PIN or OTP with anyone
- When you visit an ATM, see if any skimming devices are attached at the place where you insert your cards and keep the keypad covered while typing your PIN
- Never go to sites that you do not know or unverified for your purchases
- When you make UPI transactions, make sure that you are sure of the VPA address. In case you are doing a large transaction, start with a smaller value and get a confirmation from your payee that they have received the money before you go ahead with your transfer
- Never click on any links sent via SMS or Whatsapp texts, unless you are sure that it is from a credible source
I don’t think you have a choice of avoiding digital payments. While the technology is secure, fraudsters can use several deceptions that you should be aware of. Digital awareness and being cautious would help you make the most out of technology without getting defrauded.