Strengthening Digital Security: Utkarsh Small Finance Bank Holds Cyber Security Webinar

NEW DELHI: Taking a step forward to strengthen its cyber security, Utkarsh Small Finance Bank held a cyber awareness webinar for its officials on Thursday. The two-hour-long power-packed sessions were held by Prof Triveni Singh, SP, Cyber Crime, UP Police and Cyber Crime expert Amit Dubey.

The event was organized by the Root64 Infosec Research Foundation and Future Crime Research Foundation (FCRC) with the support of UP Microfinance Association (UPMA).

J N Mallikarjuna Rao, Chief Information Security Officer (CISO) of Utkarsh Small Finance Bank highlighted the cyber security initiatives taken by the bank. “Cases of cyber crime is on the rise and the  Utkarsh Small Finance Bank has taken all the measures to ensure banking security.  He highlighted that as the nature of crime is changing very fast it becomes important for the employees and staff to adopt the latest best practices and stay updated about the latest threat.”

Speaking about the webinar, Rao said, “employees will get first-hand experience of real-life cases and clear their queries with top professionals who are investigating such cases.”

Opening the webinar, Prof Triveni Singh talked about real-life cybercrime cases which are common these days especially those affecting the banking and finance industry. He gave examples of QR code scam where public is cheated by sending QR code for transactions. Instead of depositing money in victims account the criminals siphon the money out of it. These scams are getting very common but still, people are falling for it. Only way to stop is by awareness, which is possible through webinars, training and other publicity mechanisms,” Prof Singh said.

Triveni Singh highlighted how cybercriminals are creating look-a-like-website of popular banks, brands or shopping sites and cheat people.  Such crime not only results in huge financial loss of the public but a major loss of reputation for the brand.

“It is quite easy. A website domain can be booked for as little as Rs 399. Then these criminals create replica websites of their target and start sending phishing emails, WhatsApp or SMS. They also pay a huge amount of money on SEO so that the fake website appears on the top of Google search results. If the fake website is appearing on the top of search results, chances of people landing there are high,” Triveni Singh explained.

Giving out examples of some recent cases, Amit Dubey said the banking sector is troubled with phishing and vishing crimes where criminals misuse banks or financial institutions names. Such crimes can be only countered with awareness campaigns of employees and customers.

Amit Dubey explained we don’t realize how much our search result matters. What we search on the internet becomes base for cyber criminals to attack. They analyse the search pattern of their target and then customize their attack according to the search result. “Cyber criminals are studying keywords and serach data and based on that they make malicious ads, phishing pages and other online traps.”

Similarly, spoofing technology has become another menace as cybercriminals are misusing the technology to display the number of their desire on the display of their target’s mobile phone.  “Spoofing can play havoc, especially in the banking sector as criminals can call or mail from senior officials or customers numbers requesting for the transaction. It becomes extremely important to double verify if the person on the other end is an actual person or some criminal,” Singh said.

Citing the example of noted journalist Nidhi Razdan, Singh said she is a very intelligent journalist but she became a victim of a phishing attack and left her job in NDTV for a fake offer of teaching at Harvard University. These attacks are getting sophisticated and target specific.

Triveni Singh said senior IAS officers, judges and bankers are becoming the victim of common fraud, but people behind these scams are uneducated. They are barely high-school pass. Using some technical loopholes and social engineering methods they are cheating people. All they need is a phone, SIM and bank/wallet account on fake ids, so that if police start tracking it they end up at the wrong location.

 Explaining banking crimes, Triveni Singh said cases of SIM card swapping to empty bank account is becoming rampant.  Similarly using malicious software, hackers are taking control over ATMs and are manipulating it to dispense cash.

Cyber crime expert Amit Dubey alerted bank offices with his recent findings. He said that his research has shown that many organizations have a very poor level of security and are vulnerable to sophisticated cyber-attack. Dubey said all organizations need to audit their online assets.

Amit Dubey, who is also chief mentor of Root64 Infosec Research Foundation, said many fake companies are offering fake loans and schemes in the name of popular firms.  They create face apps and websites and cheat people.  It has become the need of the hour to have Open-source intelligence (OSINT) to identify such fake activities and take them down. This should not be a one-time exercise but a regular affair. Such fraudulent activity hit the trust of the customers.

Concluding the webinar Alok Pathak Chief Risk Officer (CRO) of Utkarsh Small Finance Bank said the bank has initiated several measures to spread awareness among the employees and customers. This webinar is also a part of the awareness activity. Most of the employees know about cyber hygiene and best practices but getting to hear from real investigators helps them in knowing about cyber crime better.