Cybersecurity Overview
As we transition to a digital economy, cybersecurity in banking is becoming a serious concern. Utilizing methods and procedures created to protect data is essential for a successful digital revolution. The effectiveness of cybersecurity in Banks influences the safety of our Personally Identifiable Information (PII).
Cybersecurity is the key for Banks to keep customer money safe and secure. Cybersecurity also helps to maintain customer trust and confidence in the banking system. The Bank uses the latest security measures to protect customers' personal information and financial transactions.
Protecting the user's confidential information is the primary goal of cybersecurity in banking. As more people become cashless, more transactions go online. People conduct transactions using digital payment methods like debit and credit cards, which must be protected by cybersecurity.
Phishing is a fraudulent activity performed by fraudsters to obtain personal information (such as User ID, Password, Account Number, Card Number, CVV Number, Card Expiry Date, OTP (One-Time Password), etc.) of a Bank customer.
Ways to identify a phishing e-mail:
- The e-mail consists of poor grammar or punctuation.
- It may not address you (the customer) by name.
- It instructs you to click on a link.
- It asks for confidential personal information.
- It also threatens that a certain action (such as Account suspension) will be taken in case you do not comply with the received e-mail within a specified time period.
How to protect yourself from Phishing?
- Never click on hyperlinks attached in e-mails.
- Never open unexpected attachments received over e-mail.
- Use updated and licensed Anti-Virus software.
- Educate yourself on fraudulent activities on the Internet.
- Never use a cyber cafe for performing financial transactions.
- Do not transfer funds or share your Account details with unknown or non-validated sources luring you with commission, attractive offers, etc.
- Never respond to e-mails claiming to be from the Bank and seeking your confidential personal information.
VISHING: A type of social engineering attack in which a cybercriminal contacts the customer by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of email.
SMISHING: Fraudulent phone calls and SMSs containing fraudulent URLs on the subject of KYC updates, linking of Bank Accounts, and seeking confidential information of customers, are currently in circulation.
NOTE: Utkarsh Small Finance Bank Limited never asks for any of your confidential personal information such as User ID, Password, Account No, Card No, CVV No, One Time Password (OTP), etc. Never disclose them to anyone, even if the seeker claims to be from the Bank.
With the increase in the Bank's digital reach towards its customers, the Mobile Banking Application plays an important role in the convenience and ease of the customer. With the increase in cybercrime and other fraudulent activities, it is necessary to enhance security and take precautions while using the Mobile Banking Application.
The following security measures are to be followed while using the Mobile Banking Application:
- Download apps only from official stores, such as Google Play Store for Android and Apple App Store for iOS.
- Make sure antivirus is installed and running on your devices.
- Keep all software and applications on your devices up to date, in particular operating systems, antivirus software, etc.
- Use only an HTTPS connection on the internet.
- Choose a strong password or PIN for your Mobile Banking Application.
- Don't save your passwords on the devices.
- Check carefully that the permissions granted to each application match its needs.
- Do not respond to offers for getting KYC updated.
- Always access the official website of the Bank or contact the branch.
While using the ATM, keep the following in mind:
- Use secure ATM machines - ATMs under video surveillance or inside a bank lobby are less likely to be tampered with. Thieves have to take more risk when installing skimmers where there are security cameras.
- Cover the ATM keypad - While entering your PIN, cover the ATM keypad just in case there’s a hidden camera around. Skimming devices will stick out a few extra inches from an ATM.
- If something looks suspicious, find another ATM - Don’t fall for a poorly fitting device (or a sticker or sign that says “Swipe Here First” or “Use This Machine Only”).
- If a machine keeps your card, call the bank immediately and report it.
- Don’t accept “help” from anyone around the ATM. They may say they were having trouble too, and you just need to enter your PIN again.
- Keep an eye on your card while making a purchase or after using it at an ATM.
- Be aware of fraudulent activities on the Internet.
Cyber criminals commit identity theft by using sophisticated cyber-attack tactics, including social engineering, phishing, and malware. Identity theft can also result from rudimentary tactics such as criminals stealing mail, digging through dumpsters, and listening to phone conversations in public places.
Unfortunately, most people only discover they're victims of identity theft when they apply for a loan, attempt to open a Bank account, apply for a job, receive a call from a collection agency, or request a new credit card.
Despite the many ways an individual's identity can be stolen, there are also ways to prevent this from happening. Always keep the following in mind:
- Ensure that you have strong passwords for all accounts.
- Shop with companies/websites you know. If the company is unfamiliar, investigate its authenticity and credibility.
- Avoid posting personal information over social media platforms.
Before making any digital payments on any website, look for two things: the trusted security lock symbols and the extra "s" at the end of http (i.e. https) in the URL or web address bar.
AI voice-cloning scams, driven by the power of Artificial Intelligence (AI), have emerged as a disturbing trend in the world of online fraud. Scammers are exploiting this technology to mimic the voices of friends, family, and acquaintances, luring unsuspecting victims into financial fraud.
To shield yourself from the growing threat of AI voice-cloning scams, consider implementing these vigilant strategies:
1. Always be cautious of unexpected calls; verify identity.
2. Listen carefully for unnatural cues.
3. Think twice before taking any steps.
4. Safeguard your audio clips.
What is Meant by Online Shopping Scams?
When a culprit fraudulently acquires online payment details or card details to shop online or make online purchases without the consent of the Account holder, it can be considered online shopping fraud. It is rather apparent that the surge in online payment methods directly led to purchase fraud. Hackers are becoming more resourceful and creative these days. This is because people are willingly putting their personal information online.
Safety Measures to Protect Yourself When Shopping Online
Following are some preventive measures that will give you protection against online shopping fraud:
- Always purchase from a legitimate shopping website.
- Hackers often use open networks to get into your device. So, avoid using public Wi-Fi while shopping online.
- Never miss reading a notification coming from your Bank related to your Bank statements. Always keep an eye on the financial statements.
- Don’t fall for a heavy discount that is too good to be true.
Modus Operandi
Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the QR code scanning applications on the customers’ mobile.
By scanning such QR codes, customers may unknowingly authorise the fraudsters to steal sensitive information, money, or both.
Fraudsters can also embed links in QR codes, redirecting customers to webpages containing viruses or malware which can compromise customers' sensitive data.
QR Code Phishing modes:
Through fake e-mails, SMS messages, advertisements, etc.
Preventive measures
- Do not scan a QR code you do not trust or that you are not sure about.
- Contact the company or institute directly to confirm the message or information you received before scanning the code.
- Always remember that a QR code is used for payment of money, not receiving it.
- If a QR code looks even a bit suspicious, always check its authenticity before scanning.
- Never use a contact number found in a random search on internet browsers.
- Visit only authentic websites or sources for getting contact details or any other information.
Fake loan apps are applications that pose as legitimate financial services but are designed to deceive users. These apps typically claim to offer quick and easy loans with minimal documentation, often targeting individuals who may be in urgent need of funds.
How to spot fake loan apps?
- They promise instant loans with minimum documentation.
- Terms and conditions are too good to be true.
- They request upfront payments for loan disbursement.
- They impose high fees and hidden charges.
- Check for app permissions.
How to avoid falling for a fake loan app?
- Borrow from RBI-approved lenders.
- Read the terms and conditions carefully.
- Check for hidden charges and fees.
- Avoid lucrative offers and upfront payments.
Spotting a WhatsApp scam
Although WhatsApp scams take numerous different forms, they often share similar characteristics. The most common signs of a WhatsApp scam are:
- Unsolicited text messages from unfamiliar numbers.
- Messages urging immediate action.
- Messages with spelling and grammatical errors.
- Requests for money or personal information.
- Messages with suspicious links or attachments.
- Messages claiming you won a lottery, prize, gift, coupons, etc.
How to stay safe from WhatsApp scams?
- Never accept a voice or video call from an unknown number on WhatsApp.
- Never share OTP, credit/debit card number, or CVV.
- Never disclose your password to anyone.
- Never accept screen share requests, unless you are sure.
- Even if you are receiving a call from a known number, make sure to take a voice call, confirm the identity, and then convert it into a video call. Also, always ensure that the screen-sharing option is not enabled. Once they gain access to your smartphone screen, there are numerous risks, which are not just limited to financial loss.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social engineering attack techniques
Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the most common forms of digital social engineering assaults.
PHISHING: Phishing is a fraudulent activity performed by fraudsters to obtain personal information (such as User ID, Password, Account Number, Card number, CVV number, Card expiry date, OTP (One Time Password), etc.) of a Bank customer.
VISHING: A type of social engineering attack in which a cybercriminal contacts the customer by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of email.
SMISHING: Fraudulent phone calls and SMS containing fraudulent URLs on the subject of KYC update, linking of Bank Accounts, and seeking confidential information of customers, are currently in circulation.
Baiting: The most popular form of baiting uses physical media to disperse malware. For example, attackers leave the bait, typically malware-infected USB or removable devices.
Pretexting: The attacker usually starts by establishing trust with the victim by impersonating co-workers, government officials, Bank officials, or other persons who have right-to-know authority. The pretexter asks questions to confirm the victim’s identity, through which they gather important personal data. All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, Bank records, and even security information related to a physical plant.
Social Engineering Prevention