By Satyendra Sharma and Prof. Triveni Singh, IPS
At present, cyber security is the biggest concern around the globe because of fastest-growing internet technology in day to day life. The information on each and every sector is accessible on the web. Online data communication, interaction over social media, online shopping, online banking, online bill payment etc. are becoming our necessities and internet is must for these activities. Consequently, by fraudulent activities criminals are committing cyber crime easily instead of physical crime. With the use of Internet, cyber crime in banking sector is rising day by day. The main reason behind this is the lack of cyber security awareness among customers of banks. There is a strong need to aware about cyber security of online banking operations because only cyber security awareness can prevent from cyber crimes. Cyber security awareness can be an important weapon against rising cyber crime in the financial sector.
Cyber Crime is an illegal activity that uses a computer as its primary means of commission. The definition of cyber crime is not mentioned in Indian law. Even in India, Information Technology Act 2000 also does not provide the definition of cyber crime. In general terms, any illegal activity which is done using computer system is called cyber crime. Such crimes may threaten a nation’s security and financial health. Oxford dictionary defines cyber crime as criminal activities carried out by means of computers or the Internet Cyber crime is a fast growing area of crime. There is no universal definition of cyber crime is found.
Nowadays, cyber crime is increasing on regular basis which is the subject of great concern. Financial cyber crime is one of the main types of cyber crime. According to the 2019 NortonLifeLock Cyber Safety Insights Report, cyber criminals stole Rs 1.2 trillion from Indians in 2019. Further, 63% Indians do not know what they will do if their identities are stolen, even though 70% are worried that identities will be stolen. 4 in 10 consumers in India have experienced identity theft.
According to the National Crime Records Bureau (NCRB) crime data 2019, cyber crimes registered a 63.5% jump over 2018. During 2019, 60.4% of cyber-crime cases registered was for the motive of fraud (26,891 out of 44,546 cases).
Types of Cyber Crime
Phishing– It is technique of pulling out confidential information such as credit card/debit card, online banking details or account details from the account holder by deceptive means. Phishing is a fraudulent attempt, usually made through email, to steal your personal information. Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card/debit card number, PIN, expiry date of card, CVV number, mobile number, online banking user ID and password etc. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account. Phishing emails always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.
Vishing- Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over Internet Protocol (VoIP) or by mobile phones, to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing. In Vishing, fraudsters call to the innocent bank customers/ consumers and claimed to be from a bank/ merchant told users that problems with their bank accounts/online shopping and need to be verify their account/KYC/ online order and demand victim’s payment credentials and commit the fraud. Nowadays, approximately all financial cyber crimes are being committed through Vishing type of cyber crime.
Smishing- Smishing is a form of criminal activity using social engineering techniques similar to phishing. The term is a combination of SMS and phishing. SMS (Short Message Service) is the technology used for text messages on cell phones through SMS/ chat.
Hacking– Hacking in simple terms means illegal intrusion into a computer system without the permission of computer owner/user.
Spoofing– Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network. A spoofing attack occurs when a malicious party impersonates another device or user on a network.
IP spoofing is a technique whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. Using email spoofing, cyber criminals send email to targets with phishing link or malicious attachment indicating that email is coming from a trusted organisation. SMS spoofing and call spoofing is also used to cheat the targets indicating that call/SMS is coming from genuine sources.
Denial of Service Attack (DOS)– This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his email box with spam mails depriving him of the services he is entitled to access or provide.
Software Piracy– Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
Cyber Defamation– Cyber criminal sends emails containing defamatory matters to all concerned of the victim or post the defamatory matters on a website.
Pornography– Publishing or transmitting any material in electronic form which is obscene and lascivious in nature is known as pornography
Credit Card/Debit Card Fraud– Cyber criminals steal the credit card/debit card details such as card number, CVV, expiry date, PIN, OTP using various techniques such as through phishing, vishing etc. and do online transactions.
Online Wallet Fraud- Cyber criminals steals the some credentials which is required to operate the online wallet such as login ID, login password, OTP etc and perform the online transactions in fraudulent way without the consent of genuine wallet holder. This is very common type of fraud nowadays.
Net Extortion– Copying the company’s confidential data in order to extort said company for huge amount is called Net Extortion.
Bot Networks (Botnet)- A cyber crime called “Bot Networks” wherein spamsters and other perpetrators of cyber crimes remotely take control of victim’s computers without his knowledge.
Cyber Stalking– The Criminal follows the victim by sending emails, entering the chat rooms frequently.
Malware– Malware is the term maliciously designed software code which is used to cheat, steal or harm users in online environment like online banking fraud etc.
Farming- Farming or Pharming is typically a Domain Name System (DNS) attack generally called DNS Poisoning. If the system is infected with a “virus” that poisons the DNS system, whenever the victim next visits online banking site, he/she may not be directed to the actual web page, instead sent to a false “Pharming Page”.
Data Diddling- Data diddling is the process in which fraudster changes the raw data in unauthorized way before input or processing to a computer system and after processing of such data fraudster changes it back in its original form so that data alteration can not be easily traced. It is a cyber crime.
Cyber Squatting (Domain Squatting)- Registering, trafficking or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else is called Cyber Squatting . The cyber Squatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.
Cyber Bullying- Cyber bullying occurs when someone repeatedly and intentionally harasses, mistreats, or makes fun of another person online or through mobile phones or through other electronic devices. Cyber bullying is the use of cell phones, instant messaging, e-mail, chat rooms or social networking sites such as Facebook, Twitter etc. to harass, threaten or intimidate someone.
FACT ABOUT AWARENESS REGARDING ONLINE BANKING CYBER SECURITY
- Large numbers of bank customers are not aware of cyber crime and cyber security.
- Large number of bank customers does not know about common banking cyber threats and countermeasures.
- Large number of bank customers does not know the preventive measures to control and avoid cyber fraud.
- Banks have not imparted cyber security awareness training to large number of customers.
- Cyber fraud victims are not aware about cyber security. Victims also did not have knowledge about common banking cyber threats and preventive measures.
- Victim bank customer does not know that how and where to report cyber crime.
- Most of the officials related to financial sectors and law enforcement agencies do not have awareness of cyber security.
- Cyber security awareness can be an important weapon against rising cyber crime in banking sector.
Preventive Steps to Avoid BANKING Cyber CrimeS
- Bank/ Insurance Company/ RBI/ IRDA/ Income Tax/Police / Online shopping merchant/ Bank’s Call Centre do not ask your financial and personal sensitive information through Mail/Phone/Chatting/SMS/Google Form. Therefore any one pretending to be asking you for information may be cyber criminals.
- Any caller pretending to be from Bank / Call Centre may persuade you to reveal your credentials like Debit/Credit Card number/PIN/Expiry date of card/CVV number, OTP, Online banking User ID and password, UPI PIN stating that your account/debit/credit card/UPI etc. will be blocked or your KYC is not completed. Please do not entertain such requests as they are fraudulent entities.
- If you do not want to be a victim of card cloning, always shield the keypad while entering ATM PIN at ATM/POS location.
- Always inspect the ATM you are using. Some fraudulent card reader devices (Skimmers) can be easily spotted. If some parts around the slot for inserting the card do not seem right, consider walking away and transacting in another machine.
- Choose a PIN that is easy for you to remember but which is not based on a birthday, anniversary, address, vehicle number, or phone number.
- Change your ATM PIN on regular basis. Never write it down or keep it in your wallet.
- Do not use the same PIN for all your cards.
- Never share your debit card/credit card number, expiry date of the card and 3 digits CVV (Card Verification Value) to anyone including your family members.
- Always search banks/merchants contact number or email over their official websites. Do not trust on contact numbers mentioned in Google search. It may be faked and you may be duped by fraudsters because fraudsters have already shared their contact numbers at various online platforms.
- Don’t submit your sensitive personal and financial information such as debit/credit card details, online banking user ID, password, OTP, UPI PIN, ATM PIN etc. through email/ telephone/ SMS/chatting/ social media/ Google Form.
- Don’t respond to spam emails and don’t call on telephone numbers mentioned in spam emails.
- Keep your online banking password very strong with a combination of alphanumeric and special characters with lower and upper case. The password should be of minimum 8 characters.
- In case your mobile is deactivated without your request or you get a call in this regard, in this case, somebody may be trying to get a duplicate SIM/ steal your credentials like OTP (One time password) etc. for beneficiary registration/for issuing online Internet Banking/mobile banking/UPI facility.
- In case of any of these suspected activities, please change your Passwords/PIN immediately on any such suspected activity as soon as possible.
- Do not make online friends to strangers and also do not chat with them.
- Never respond to phishing mail and report phishing mail to your Bank’s email and CERT-IN (Indian Computer Emergency Response Team) at their email ID [email protected]
- Do not forward message from your mobile number to other number provided by unknown caller or fraudster. Fraudsters use this technique to register the UPI of victim bank customers at their mobile phones.
- Do not install remote accessing apps like AnyDesk, Team Viewer Quick Support etc. at your mobile phone. Bank/ online merchants never call you for resolving your problem through aforesaid apps. Cyber criminals are using AnyDesk and Team Viewer Quick Support apps for duping bank customers.
HOW TO REPORT FINANCIAL CYBER CRIMES
- Immediately contact to your bank for disabling/blocking the alternate delivery channels (Debit/Credit card/Internet Banking/Mobile Banking/UPI etc) through which fraudulent transactions have been done.
- Early reporting to your bank will be beneficial because it will stop your further loss.
- You can register cyber crimes related complaint at National Cyber Crime Reporting Portal (Ministry of Home Affairs, Govt. of India) at https://cybercrime.gov.in or you can contact their helpline number 155260 between 09:00 AM To 06:00 PM. You can also track the status of your complaint using this portal.
- A New Feature “Citizen Financial Cyber Fraud Reporting and Management System” has been activated for prevention of money loss in case of Cyber Financial Fraud for Delhi only. For immediate reporting, victim can call on 155260 (Between 09:00 AM To 06:00 PM).
- Citizen manual can be accessed at National Cyber Crime Reporting Portal through https://cybercrime.gov.in/Webform/Citizen_Manual.aspx
- Victim can also register online police complaint through state police website or through mobile app of concerned state police.
- Victim can lodge such complaints at cyber crime police stations of state police which have been exclusively established for investigation of cyber crimes related complaints.
- Victim can also lodge such complaints in police stations.
- It is notable that cyber crimes related complaints can be lodged anywhere because it has no boundaries or jurisdiction.
Nowadays, digitalization is increasing day to day in India so that every citizen can access the services of different sectors in fast and fair manner. In the age of digitalization, there are many payment banks and e-wallet companies have got license from Reserve Bank of India for operating limited banking business through digital mode. Public and private sector banks are continuously providing many types of banking facilities in online mode. Due to expansion of online banking facilities to the every group of people through debit card/credit card/internet banking/mobile banking/unified payment interface (UPI)/mobile-wallet etc. there is possibility of various types of cyber crimes. To avoid such type of cyber crimes, cyber security awareness can play an important role. Majority of Indian citizens are not aware with banking cyber security and easily duped by the cyber criminals. Further, various types of cyber crimes and preventive measures to avoid banking cyber crimes have been discussed here. Government, Reserve Bank of India, public/private sector banks, police may educate the citizens of India about cyber security so that they can be aware about common banking cyber threats and countermeasures and save their money from cyber criminals because awareness is the only defense.
Disclaimer: “All contents presented in this article are personal views of authors. These contents can not be treated as official views of the authors.”
Writer- Satyendra Sharma is Senior Manager- IT, PNB & Prof. Triveni Singh IPS, SP Cyber Crime, Lucknow