Financial Frauds

LOTTERY FRAUD / FAKE PRIZE

The fraud in which, victims receive phone calls, emails, SMS’s, WhatsApp messages, or letters etc. telling them that they have won a lottery or an expensive gift. Victims are subsequently requested to deposit money in a bank account as processing fee or tax.
Modus Operandi

Tips

  • Never respond to unsolicited offers received through emails, messages, phone calls, and other social media.
  • Never transfer money to anyone in the name of a lottery or gifts.

2CVV / OTP FRAUDS

One-time password (OTP), a two-factor authentication, is effective deterrent against cyber criminals trying to steal money from victim’s bank account through online transaction. This OTP is valid for one transaction only and has time limit. In OTP Fraud, cyber criminals dupe bank customers into revealing OTP and siphon off Common pretext used by Fraudster to Cheat/Dupe Victims are:
Modus Operandi

Tips

  • Never share OTP, CVV, MPIN, Card
  • Banks will never ask you for your banking credentials over phone or via email communication.

UPI FRAUDS

In UPI Fraud, UPI mobile app installed on Fraudster’s mobile get linked to victim’s bank account when victim sends some code to another number. Once the victims account gets linked with the frauds UPI app, money will be siphoned off from the victims account
Modus Operandi

Tips

  • DO NOT Share any financial
  • Never forward any SMS from mobile number linked your bank account to another mobile number.

FRAUD USING ONLINE MARKETPLACES

Classified ads are one of the prominent sources for different kind of scammers to find potential victims where frauds pose both as buyers and sellers. In these type of fraud, scammers posing as sellers, ask for pre-payment for delivery of items and DOES NOT deliver it. While posing as buyers, scammers send Money request of UPI Mobile App with instruction to type in MPIN to receive the money.
Modus Operandi

Tips

  • MPIN is not required to receive mon

FRAUD USING REMOTE ACCESSING APPS

Fraudsters trick the victim to install app to allow remote access on the device. The fraudster gain access to all OTP based transactions and siphons off all the fund. Remote Accessing Mobile App: AnyDesk, Teamviewer.
Modus Operandi

Tips

  • Don’t build your security and identity authentication solely around your phone number.

SIM SWAPPING

Your Mobile phone, through your mobile number, could provide a way for cybercriminals to access your financial accounts. Such fraud is known as SIM swapping, and it can be used to take over your financial accounts. SIM swapping relies on phone-based authentication. In a successful SIM swap scam, cybercriminals could hijack your cell phone number and use it to gain access to
Modus Operandi

Tips

  • Beware of phishing emails and other ways attackers may try to access your personal data to help them convince your bank or cell phone carrier that they are you.
  • Boost your cellphone’s account security with a unique, strong password and strong questions-and-answers.
  • If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it.
  • Don’t build your security and identity authentication solely around your phone number.

GOOGLE BUSINESS

Fraudsters have created hundreds of fake websites having “business.site” as part of domain name of different e-commerce companies and they mention their mobile numbers as customer support. These sites are created using Google My Business facility and such websites are ranked higher in Google Search. Trusting the fraudsters to be customer care executive, people call them, follow their instruction and lose money.
Modus Operandi

Tips

  • Toll free/customer care numbers of banks will be given on back/flip side of debit/credit card, Bank passbooks etc.
  • Google results should not always be treated as verified information on searches.
  • Always search for customer care number from the official website of the entity.

FRAUDS USING MATRIMONIAL SITES

Fraudsters befriend men/women after creating an impressive online profile on a matrimonial site, posing as prospective bride/ bridegroom. After gaining confidence, the fraudsters ask to transfer money into their bank accounts stating various emergencies. Once the money has been transferred the fraudster cuts all the contacts with the victim and disappear without a trace.
Modus Operandi

Tips

  • Starts enquiring about your properties and income and starts demanding money.
  • They are not willing to show their face reluctant to come on video chat.
  • Reluctant to meet in person.
  • They express ‘love’ quickly even before fully understanding each other.
  • Voice inconsistent or confusing when asked for his or her personal details.

PHISHING / VISHING / SMISHING

Phishing: It is one of the well-known forms of social engineering technique of sending a link via email or text or embedding a link on a website or downloads malware onto the user’s device. Vishing (or voice phishing) in which Scammers will call targets from a phone (or spoofed) phone number, typically claiming to be representatives of banks or financial organizations. Smishing: It is SMS phishing attack in which attacker ask target to download an app or open a link. Individuals are more often the victims of smishing exploits.
Modus Operandi

Tips

  • Do not trust random messages or those containing obvious mistakes.
  • Always check the link received via any means before clicking. Hover over it to preview the URL if possible, and look carefully for misspelling or other irregularities.
  • If you have shared financial details, call the bank or the credit card company immediately to stop or deactivate any payments.

PAYMENT FRAUD USING FAKE

In This type of fraud a cybercriminal came up with a fake merchant website which looks similar to that of a legitimate business. The culprit then goes ahead and places fake offers on expensive/branded products on a very hard-to-resist prices and popularize the site through social media Ads. Victim clicks on one such link to buy products, with payment being done through UPI or
Modus Operandi

Tips

  • Pay attention to the address bar and check the domain name.
  • Look for customer feedback on the internet, research about the website.
  • Don’t be fooled by logos, it can be replicated
  • Fake websites usually have UPI payment facility only and don’t have CoD facility.

BUSINESS E-MAIL COMPROMISE

Business e-mail compromise (BEC) is a sophisticated scam targeting businesses that often work with foreign suppliers and/or businesses and regularly perform online money transfers. The Email Account Compromise (EAC) is the variation of BEC that targets individuals who regularly perform online transactions with foreign entities/companies. It should be noted while most BEC and EAC victims reported using wire transfers as their regular method of transferring business funds. Both scams typically involve one or more fraudsters, who compromise legitimate business email accounts through social engineering
Modus Operandi

Tips

  • Enable two-factor authentication on all business and personal email accounts.
  • Learn how to spot phishing schemes and protect yourself from them.
  • Use SmartScreen to identify suspicious websites.
  • Consider blocking email auto-forwarding to make it harder for cybercriminals to steal your information.