A few months ago, customers of a leading Indian bank received an email from an individual posing as the bank’s employee, to urgently provide their internet banking logins and passwords.

This email looked so genuine that few customers clicked on the link, which led them to a webpage that was visually similar to the bank’s official website. However, the customers failed to notice the browser’s status bar, which indicated that the website was not secure. Moreover, the website’s name was spelt incorrectly, and later, the bank unearthed this phishing scam.

According to Experian’s Digital Consumer Insights survey, nearly 25 per cent of Indian digital consumers have experienced fraud, the highest in the Asia-Pacific region. While digital platforms offer great ease-of-doing business, they also expose consumers to greater possibilities of frauds and financial losses, if they are not vigilant.

Types of fraud

There are two major types of data-driven frauds — identity theft and phishing. Both result in loss of money and/or financial data.

Online identity theft occurs when a fraudster steals or hacks into your financial or personal information such as your bank account or credit card number, date of birth, Government ID details etc. This data is later used online to impersonate you and commit financial fraud.

In case of phishing, fraudsters will trick you into giving away sensitive information. The fraudster will target you with emails that contain malware-infected attachments or links to malicious websites that steal your data.

This data is then used to hack into your bank account or surreptitiously use your credit card. Often, personal data — bank account details, government ID card details — are stored or sold on the dark web for later use.

Safety steps

Identity thieves are perfecting their craft by tweaking their tactics and traps to trick you. You can follow certain precautionary measures to help protect your data from fraudsters.

Provide personal information only when it is required and share data only on authentic websites.

In addition, there are identity protection products that will notify you if your personal data is compromised on the dark web.

When transacting online, make sure to check the link of the website before initiating the transaction.

Always transact via modes that offer end-to-end encryption since that prevents any third-party from accessing the information being communicated to or stored by a web portal. A simple way of ensuring that you are transacting on a secure website is by looking for the ‘ https:// ’ tag that appears at the beginning of a website link.

The ‘s’ in ‘https’ stands for secure, which encrypts the data being sent to and from that website. So, ensure you transact only on websites that carry the ‘ https:// ’ tag.

It is easier for fraudsters to hack into unsecured network connections; hence avoid accessing public Wi-Fi to make any financial transactions. Additionally, as a thumb rule, never share your passwords, OTP or bank pin with anyone, including a banking official. Under no circumstances should this data be solicited by them.

Stay socially guarded

The best way to safeguard yourself from identity theft is to follow digital hygiene. Avoid sharing too much information about yourself on social media because every post and picture can give hackers another piece of the puzzle to impersonate or target you with a phishing attack.

Be mindful of the sort of information typically used for password reset options, like the name of your first elementary school, your mother’s maiden name, place of birth, etc.

Ensure that you change your passwords frequently. Even tech-savvy users often keep similar passwords for different banking/financial services accounts. Such passwords can be easily cracked, and hence, it’s imperative to have difficult passwords.

For instance, take a sentence which is easy to remember and make it into a password. For example, I lived at 21 street, Karol Bagh in the 90s and earned ₹5,000 a month can be converted to ila21skbit90ae5am .

In addition, enable one-time passwords for all online transactions while also subscribing to email and SMS alerts.

Downloading fraudulent applications can leak your personal data by giving access to the information stored on your phone. While downloading applications from either Apple’s App Store or Google’s Play Store, always check their trustworthiness, reviews and popularity.

ATM: Dos & don’ts

Avoid using ATMs that are in remote locations or at deserted places. Press the cancel key after completing your ATM transaction, even if the ATM does not dispense cash. During an ATM transaction, check if there is a card skimmer attached to the card reader. A typical ATM skimmer, a device smaller than a deck of cards, fits over the existing card reader.

Card skimming is becoming a popular method in India to fraudulently obtain credit/debit card information that copies it onto a fake card. If your card gets stuck inside an ATM machine or you misplace it, immediately call your bank’s helpline number or report the same to the nearest police station.

The writer is Director - Decision Analytics and Fraud Prevention, Experian India.

Related Topics
comment COMMENT NOW