Money & Banking

Now, EMI moratorium could trigger fresh round of phishing

Surabhi Mumbai | Updated on April 09, 2020 Published on April 09, 2020

Never share personal credential, caution bankers

Within weeks of the RBI announcing a three-month loan moratorium, fraudsters could be up to their tricks, scamming funds out of unsuspecting borrowers.

“The EMI moratorium has just begun. While we haven’t observed anything per se, one has to understand what can happen proactively. We have to start an awareness campaign,” said Sameer Ratolikar, Executive Vice-President and Chief Information Security Officer at HDFC Bank.

“Banks will always communicate through official channels but they will never ask you to disclose personal credentials,” he told reporters during a call on Thursday.

Banks, which have stepped up vigilance against such scams, said fraudsters could choose between three or four modus operandi.

Three main modus operandi

One, they could reach out to the customer about EMI moratorium on credit card bills and seek card details. Once the customer discloses this by call or text, the fraudster could next ask for the OTP and make a transaction.

Alternatively, customers could be asked to download a mobile app sent by a link to avail the moratorium. “As an additional benefit for downloading the app, the customer could be promised at least three more months of moratorium,” said Ratolikar.

The app, on the pretext of getting downloaded, would also install a virus, malware or a Trojan on the phone, which would capture and communicate the customer’s keystrokes to the fraudster, who can then initiate a transaction with an SMS OTP (again obtained from the customer).

Ratolikar stressed that customers should not download any app from unknown sources and should only do it from the official Play or App Store. “One should also install and update anti-virus on phones along with laptop and desktop. Anti-virus is a basic hygiene now,” he said.

Social media phishing

The third modus operandi is social media phishing, where the fraudsters track the Twitter and Facebook accounts of banks to find out customer grievances. As many customers also post their phone numbers, the fraudster can call them, posing as bank agents, and ask for account, debit card and PIN details.

Bankers stressed that customers must always use secure banking channels for all online and digital banking transactions. “They can also check out the tips for secure banking, which are available on the websites and mobile apps of banks,” said one.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on April 09, 2020
This article is closed for comments.
Please Email the Editor