Cybersecurity Overview

As we transition to a digital economy, cybersecurity in banking is becoming a serious concern. Using methods and procedures created to protect data is essential for a successful digital revolution. The effectiveness of cybersecurity in Banks influences the safety of our Personally Identifiable Information (PII).

Cybersecurity is the key for Banks to keep customers' money safe and secure. Cybersecurity also helps to maintain customers' trust and confidence in the banking system. The Bank uses the latest security measures to protect customers’ personal information and financial transactions.

Protecting the user's confidential information is the primary goal of cybersecurity in banking. As more people become cashless, more transactions go online. People conduct transactions using digital payment methods like debit and credit cards, which must be protected by cybersecurity.


Phishing is a fraudulent activity performed by fraudsters to obtain personal information (such as User ID, Password, Account Number, Card Number, CVV Number, Card Expiry Date, OTP (One-Time Password), etc.) of a Bank customer.

Ways to identify a phishing e-mail:

  • The e-mail consists of poor grammar or punctuation.
  • It may not address you (the customer) by name.
  • It instructs you to click on a link.
  • It asks for confidential personal information.
  • It also threatens that certain action (such as Account suspension) will be taken in case you do not comply with the received e-mail within a specified time period.
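
The indicators listed above can be expressed as simple checks over the text of a message. The following is an added example, not the Bank's own code; the function name, the word lists and both sample e-mails are constructed assumptions.

```python
import re

# One pattern per indicator from the list above. Word lists are assumptions
# chosen for this example; real mail filters use far richer signals.
LINK = re.compile(r"https?://\S+", re.I)
CLICK = re.compile(r"\bclick\b", re.I)
CONFIDENTIAL = re.compile(
    r"\b(password|user\s*id|cvv|otp|pin|card\s+number|account\s+number|expiry\s+date)\b", re.I)
THREAT = re.compile(r"\b(suspend(ed)?|block(ed)?|deactivated?|closed?)\b", re.I)
DEADLINE = re.compile(r"\bwithin\s+\d+\s+(hours?|days?)\b|\bimmediately\b", re.I)
SLOPPY = re.compile(r"[!?]{2,}|\b(recieve|acount|verifcation)\b", re.I)


def phishing_indicators(body, customer_name):
    """Return the names of the listed indicators that the e-mail body shows."""
    found = []
    if SLOPPY.search(body):
        found.append("poor grammar or punctuation")
    if customer_name.lower() not in body.lower():
        found.append("not addressed by name")
    if CLICK.search(body) and LINK.search(body):
        found.append("asks to click a link")
    if CONFIDENTIAL.search(body):
        found.append("asks for confidential information")
    if THREAT.search(body) and DEADLINE.search(body):
        found.append("threatens action within a deadline")
    return found


# Constructed sample e-mails (not real messages).
SUSPICIOUS = (
    "Dear Customer,\n\n"
    "Your acount has been flagged!! Click on the link below and confirm your "
    "User ID, Password and OTP.\n"
    "http://bank-verify.example/login\n"
    "If you do not comply within 24 hours your account will be suspended.\n"
)
ROUTINE = (
    "Dear Asha Verma,\n\n"
    "Your account statement for March is ready. Log in to internet banking "
    "from the Bank's official website to view it.\n"
)

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(label, phishing_indicators(body, "Asha Verma"))
```

A message that shows none of these indicators is not thereby proven genuine; the checks only make the listed warning signs explicit.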

How to protect yourself from Phishing?

  • Never click on hyperlinks in e-mails.
  • Never open unexpected attachments received over e-mails.
  • Use updated and licensed Anti-Virus software.
  • Educate yourself on fraudulent activities on the Internet.
  • Never use a cyber cafe for performing financial transactions.
  • Do not transfer funds or share your Account details with unknown or non-validated sources, luring you with commission, attractive offers, etc.
  • Never respond to e-mails claiming to be from the Bank and seeking your confidential personal information.

VISHING:
A type of social engineering attack in which a cybercriminal contacts the customer by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of email.

SMISHING:
Fraudulent phone calls and SMSs containing fraudulent URLs on the subject of KYC updates, linking of Bank Accounts, and seeking confidential information of customers, are currently in circulation.

  • Be cautious of any caller who asks to share login information over the phone or email.
  • If a caller asks to provide Account data or personally identifiable information, refuse to do so.
  • Do not download and execute any mail attachment received from an unknown source.
  • Do not transfer funds or share Account details via links received from unknown sources.
  • Do not respond to emails or SMS claiming to be from the Bank and seeking any confidential personal information.
  • Report an impersonated or suspect email or any suspicious call received.
  • Use updated and licensed Anti-Virus software.
  • Be aware of fraudulent activities on the Internet.

  • NOTE: Utkarsh Small Finance Bank Limited never asks for any of your confidential personal information such as User ID, Password, Account No, Card No, CVV No, One Time Password (OTP) etc. Never disclose them to anyone, even if the seeker claims to be from the Bank.

    With the increase in the digital reach of the Bank towards its customers, the Mobile Banking Application plays an important role in the convenience and ease of the customer. With the increase in cybercrime and other fraudulent activities, it is necessary to enhance the security and precautions taken while using the Mobile Banking Application.

    The following security measures are to be followed while using the Mobile Banking Application:

    • Download apps only from official stores, such as Google Play Store for Android and Apple App Store for iOS.
    • Make sure antivirus is installed and running on your devices.
    • Keep all software and applications on your devices up-to-date, in particular, operating systems, antivirus software, etc.
    • Use only an HTTPS connection on the internet.
    • Choose a strong password or PIN for your Mobile Banking Application.
    • Don't save your passwords on the devices.
    • Check carefully that the permissions granted to each application match its needs.
    • Do not respond to offers for getting KYC updated.
    • Always access the official website of the Bank or contact the branch.

    Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

    Social engineering attack techniques

    Social engineering attacks come in many different forms and can be performed anywhere where human interaction is involved. The following are the most common forms of digital social engineering assaults.

    PHISHING:
    Phishing is a fraudulent activity performed by fraudsters to obtain personal information (such as User ID, Password, Account Number, Card number, CVV number, Card expiry date, OTP (One Time Password), etc.) of a Bank customer.

    VISHING:
    A type of social engineering attack in which a cybercriminal contacts the customer by phone, impersonating someone in a position of authority. Vishing is similar to phishing, but the attack is delivered by phone instead of email.

    SMISHING:
    Fraudulent phone calls and SMS containing fraudulent URLs on the subject of KYC update, linking of Bank Accounts, and seeking confidential information of customers, are currently in circulation.

    Baiting:
    The most popular form of baiting uses physical media to disperse malware. For example, attackers leave the bait, typically malware-infected USB or removable devices.

    Pretexting:
    The attacker usually starts by establishing trust with the victim by impersonating co-workers, government officials, Bank officials, or other persons who have right-to-know authority. The pretexter asks questions to confirm the victim’s identity, through which they gather important personal data.
    All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, Bank records, and even security information related to a physical plant.

    Social Engineering Prevention

    • Don’t open emails and attachments from suspicious sources - If you don’t know the sender in question, you don’t need to answer an email.
    • Use multifactor authentication - Using multifactor authentication helps ensure your Account’s protection in the event of system compromise.
    • Be wary of tempting offers - If an offer sounds too enticing, think twice before accepting it as fact.
    • Keep your antivirus/antimalware software updated - Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day.

    While using the ATM, you should watch for:

    • Use secure ATM machines - ATMs under video surveillance or inside of a bank lobby are less likely to be tampered with. Thieves have to take more risk when installing skimmers where there are security cameras.
    • Cover the ATM Keypad - While entering your PIN, cover the ATM keypad just in case there’s a hidden camera around. Skimming devices will stick out a few extra inches from an ATM.
    • If something looks suspicious, find another ATM - Don’t fall for a poorly fitting device (or a sticker or sign that says “Swipe Here First”, or “Use This Machine Only”).
    • If a machine keeps your card, call the bank immediately and report it.
    • Don’t accept “help” from anyone around the ATM. They may say they were having trouble too, and you just need to enter your PIN again.
    • Keep an eye on your card while making a purchase or after using it at an ATM.
    • Be aware of fraudulent activities on the Internet.

    Cyber criminals commit identity theft by using sophisticated cyber-attack tactics, including social engineering, phishing, and malware. Identity theft can also result from rudimentary tactics such as criminals stealing mail, digging through dumpsters, and listening to phone conversations in public places.

    Unfortunately, most people only discover they're victims of identity theft when they apply for a loan, attempt to open a Bank account, apply for a job, receive a call from a collection agency, or request a new credit card.

    Despite the many ways an individual's identity can be stolen, there are also ways to prevent this from happening. Always keep the following in mind:

    • Ensure that you have strong passwords for all accounts.
    • Shop with companies/websites you know. If the company is unfamiliar, investigate its authenticity and credibility.
    • Avoid posting personal information over social media platforms.

    Before making any digital payments on any website, look for two things: the trusted security lock symbols and the extra "s" at the end of http (i.e. https) in the URL or web address bar.

    AI voice-cloning scams, driven by the power of Artificial Intelligence (AI), have emerged as a disturbing trend in the world of online fraud. Scammers are exploiting this technology to mimic the voices of friends, family, and acquaintances, luring unsuspecting victims into financial fraud.

    To shield yourself from the growing threat of AI voice-cloning scams, consider implementing these vigilant strategies:

    1. Always be cautious of unexpected calls; verify identity.
    2. Listen carefully for unnatural cues.
    3. Think twice before taking any steps.
    4. Safeguard your audio clips.

    What is Meant by Online Shopping Scams?

    When a culprit fraudulently acquires the online payment details or card details to shop online or make online purchases without the consent of the Account holder, it can be considered online shopping fraud.
    It is rather apparent that the surge in online payment methods directly led to purchase fraud. Hackers are becoming more resourceful and creative these days. This is because people are willingly putting their personal information online.

    Safety Measures to Protect Yourself When Shopping Online

    Following are some preventive measures that will give you protection against online shopping fraud:

    • Always purchase from a legitimate shopping website.
    • Hackers often use open networks to get into your device. So, avoid using public Wi-Fi while shopping online.
    • Never miss reading a notification coming from your Bank related to your Bank statements. Always keep an eye on the financial statements.
    • Don’t fall for heavy discounts that are too good to be true.

    Modus Operandi

    Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the QR code scanning applications on the customers’ mobile.

    By scanning such QR codes, customers may unknowingly authorise the fraudsters to steal sensitive information, money, or both.

    Fraudsters can also embed links in QR codes, redirecting customers to webpages containing viruses or malware which can compromise customers' sensitive data.

    QR Code Phishing modes:

    Through fake Emails, SMS messages, advertisements, etc.

    Preventive measures

    • Do not scan a QR code you do not trust or that you are not sure about.
    • Contact the company or institute directly to confirm the message or information you received before scanning the code.
    • Always remember that a QR code is used for payment of money, not receiving it.
    • If a QR code looks even a bit suspicious, always check its authenticity before scanning.
    • Never use a contact number found through a random search in internet browsers.
    • Visit only authentic websites or sources for getting contact details or any other information.

    Fake loan apps are applications that pose as legitimate financial services but are designed to deceive users. These apps typically claim to offer quick and easy loans with minimal documentation, often targeting individuals who may be in urgent need of funds.

    How to spot fake loan apps?

    • They promise instant loans with minimum documentation.
    • Terms and conditions are too good to be true.
    • They request upfront payments for loan disbursal.
    • They impose high fees and hidden charges.
    • Check for app permissions.

    How to avoid falling for a fake loan app?

    • Borrow from RBI-approved lenders.
    • Read the terms and conditions carefully.
    • Check for hidden charges and fees.
    • Avoid lucrative offers and upfront payments.

    Spotting a WhatsApp scam

    Although WhatsApp scams take numerous different forms, they often share similar characteristics. The most common signs of a WhatsApp scam are:

    • Unsolicited text messages from unfamiliar numbers.
    • Messages urging immediate action.
    • Messages with spelling and grammatical errors.
    • Requests for money or personal information.
    • Messages with suspicious links or attachments.
    • Messages claiming you won a lottery, prize, gift, coupons, etc.

    How to stay safe from WhatsApp scams?

    • Never accept a voice or video call from an unknown number on WhatsApp.
    • Never share OTP, credit/debit card number, or CVV.
    • Never disclose your password to anyone.
    • Never accept screen share requests, unless you are sure.
    • Even if you are receiving a call from a known number, make sure to take a voice call, confirm the identity, and then convert it into a video call. Also, always ensure that the screen-sharing option is not enabled. Once they gain access to your smartphone screen, there are numerous risks, which are not just limited to financial loss.


    FAQs

    'Phishing' refers to the practice of fraudsters 'fishing' for your details in order to find out and misuse your sensitive personal and financial information. Criminals may, for instance, make identical copies of existing corporate websites, or send scam e-mails to elicit a response from you and trick you into divulging your personal information.



    Without using additional measures such as a digital signature, it is easy for fraudsters to imitate e-mails. But that doesn't mean you can't recognise scam e-mails. Cyber-criminals often place alarming, enticing or exciting subjects in their e-mails with the hope of tempting you to respond impulsively and divulge the requested information. So, always take your time to read the e-mail carefully. In case of doubt, it is better not to respond. If you do choose to respond, always first check that the mail is genuine by contacting the company that appears to be the sender, by telephone for instance.



    • Always ensure your PC/laptop is updated with the latest anti-virus and operating system patches.
    • Install a personal firewall and antivirus to protect your PC from internet attacks.
    • Change your online banking passwords periodically, say every month.
    • Report any suspicious or fraudulent e-mail/sites to the Bank immediately.
    • Always read the online security tips provided by the Bank from time to time.



    Just like you’d protect your home with house security (locks, gates, doors), cyber security protects your business from malicious (and accidental) attacks through your internet-connected networks, computers, mobile devices, software, and applications. These cyber security measures are designed to defend against attackers seeking to gain access to your data, destroy, or extort sensitive customer information, or get you to pay funds into a false account. Good examples of cyber security measures include strong passwords, two factor authentication, staff education and pre-prepared disaster recovery plans.



    Two-factor authentication (or 2FA) is when you are asked for one more security step before getting access to what you have logged into. Often, it’s an email or a text asking you to enter a code or confirm you logged in, to prove that it’s you at the other end. These codes are randomly generated at the moment they’re required, often only valid for one use and usually time out if not used within a certain, or short, period of time.
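
The three properties described above (random generation, single use, expiry) look like this on the server side. This is an added example, not the Bank's implementation; the class name, the 120-second lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodes:
    """In-memory store of pending codes: random, short-lived, single use."""

    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.time):
        self.ttl = ttl_seconds            # assumed lifetime of a code
        self.max_attempts = max_attempts  # assumed limit on wrong guesses
        self.clock = clock                # injectable so expiry can be tested
        self._pending = {}                # user -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Store only a digest so the code itself is not kept in plaintext.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        # secrets (not random) gives a cryptographically strong 6-digit code.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._digest(code), self.clock() + self.ttl,
                               self.max_attempts]
        return code  # delivered to the user out of band (SMS or e-mail)

    def verify(self, user, code):
        entry = self._pending.get(user)
        if entry is None:
            return "no-code"
        digest, expires_at, _ = entry
        if self.clock() > expires_at:
            del self._pending[user]       # timed out: the code is discarded
            return "expired"
        if not hmac.compare_digest(digest, self._digest(code)):
            entry[2] -= 1
            if entry[2] <= 0:
                del self._pending[user]   # too many wrong guesses
            return "wrong"
        del self._pending[user]           # single use: consumed on success
        return "ok"


if __name__ == "__main__":
    otp = OneTimeCodes()
    c = otp.issue("asha")
    print(otp.verify("asha", c), otp.verify("asha", c))
```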



    Fraud and identity theft come in many forms, so you need to be constantly vigilant about your financial account and personal information. In particular, we suggest that you:

    • Routinely check your statements for anything unusual and query the institution which issued the statement about any transactions you’re unsure of.
    • Contact us with the details of any suspicious transactions on your account.
    • Take a note of unusual emails or phone calls from organisations you haven’t contacted, particularly if they ask for information about your identity.

    If you believe you've fallen victim to fraud or identity theft, please contact us as soon as possible.



    Watch out for scams: Phishing, Vishing, Cyberstalking, Skimming, etc. are some of the many scams perpetrators use to trick you into sharing your personal details. Watch out for these scams and don’t click on links, emails and attachments that look suspicious.

    • Update passwords regularly.
    • Use secure websites.
    • Keep personal information safe.
    • Always use secure internet connections and avoid using free or public Wi-Fi for any transactions.
    • Shred documents before discarding.
    • Delete suspicious emails.


    Passwords protect your personal information, so it is important to create strong passwords and change them regularly.

    Here are some tips on creating and using passwords:

    • Never share your passwords.
    • Have a combination of characters, e.g., sDke$5!2
    • Don't allow your computer to save your passwords.
    • Remember, you should always take appropriate steps to protect your password and PIN, as you may be responsible for unauthorised transactions as outlined in the ePayments code.


    Be skeptical of any unsolicited outreaches. The saying that “if it is too good to be true, it probably is” applies with scams and phishing. Avoiding fake websites and avoiding phishing scams and emails are similar in that for both, you want to
    (1) look for clues that they are fake and,
    (2) if you're suspicious or just want to be cautious, type in the website name or phone number you know to be correct rather than clicking or calling back.



    Malware is named from ‘malicious software’, where software has been installed on your computer or network without you knowing and tries to disrupt your business. It could be executable code, computer viruses, worms, Trojans, bots, spyware, ransomware, or other malicious programs. It is often picked up when installing or clicking on links you or an employee shouldn’t.



    Ransomware is when you’ve mistakenly installed a rogue piece of software (from clicking on a link or opening an attachment), giving access and control of your systems to an attacker, who then demands money. If you don’t pay (usually by an untraceable currency such as Bitcoin), the attacker will delete your data, or lock your screens and deny you access.



    Keep your software updated. Use complex passwords and encryption. Do not use public/open Wi-Fi. Lock your phone. Be a smart surfer and log into secure websites, which start with “https”, meaning the site is using an SSL (secure) certificate.



    Yes. If you use the same password for every account and if someone gets access to it, they can figure out that the password works for other accounts as well. They may be able to access your information, PIN, etc.



    Protecting yourself from identity theft is largely a matter of following best practices (and requirements) for information security. If you learn to identify and avoid phishing scams and install and run anti-virus software, you'll protect yourself from the most common means by which hackers and scammers steal your personal information.


