Case in Mumbai: A Mumbai-based lawyer, Manjiri Kulkarni, became a victim of an online fraud around nine months ago. She received an email from ‘her bank’, saying that since they were installing new servers, her details needed to be updated. The mail also warned that in case she failed to respond, her net banking facility would be deactivated.
Kulkarni provided all the details asked, including her PAN card and driving licence numbers, addresses and date of birth. A month later, she found that Rs 96,000 was missing from her account. When Kulkarni contacted her bank, she realised that she had been a victim of phishing.
“Almost 80 per cent of online banking frauds occur through phishing after customers give their details on receiving dubious emails,” said Jayapradha Bharathan, IT officer at Punjab National Bank. The bank had faced a similar fraud last week when a group of hackers siphoned off Rs 1.66 crore (Rs 16.6 million) from a Noida-based businessman’s account.
Types of frauds
Phishing: Here, when a customer clicks on the website address in the email, s/he is taken to a webpage that appears similar to the bank’s net banking website. The user is then asked to provide details such as account number, username, password, credit card or debit card number and other personal details. Hackers use this information to transfer money to bogus bank accounts.
Vishing: In this case, the victim gets a phone call, where an automated recording says that an illegal transaction has taken place on his/her credit card and that the user should call a given number. When the cardholder calls back, a computer-generated voice tells him/her to verify the account with details such as the 16-digit credit card number. A customer-care executive attends to the call and asks for more details, pretending to assist the person in blocking the account.
How to avoid phishing and vishing
- Never give out passwords, PIN and other personal details to anyone or any website
- Never respond to emails that request personal information
- When you access your netbanking facility, check for security certificates
- Change your password often
- Do not access netbanking or do online shopping in cyber cafes
- While shopping online, buy only from websites you trust
- Pay using a credit card for online transactions
Dos and don’ts
Security experts say the first rule to avoid falling into a hacker’s trap is to never give out passwords, PIN and other personal details to anyone or any website. Never respond to emails that seek personal information.
When you access your net-banking facility, check for security certificates. On the bottom right-hand side of the page, on the status bar, there will be an icon, usually yellow in colour, that looks like a lock. This is called the padlock. If you double-click on this, you will get information on the security certificate. In a forged site, this icon is absent.
Of late, banks have been providing a virtual keyboard too. This helps prevent any software from storing the information that you type using the keyboard.
Change your password often.
Do not access net-banking or do online shopping in cyber cafes as these places may have software that can track your activity.
While shopping online, buy from websites you trust. If it is a new website, research the company’s history before making a transaction. Give your credit card number only if you are making a purchase, never to verify your identity.
Pay using a credit card for online transactions. Avoid payment through net banking.
What if you are a victim?
Though prevention is better than cure, if you have fallen prey to online fraud, there isn’t much you can do.
“Banks do not take responsibility for a loss that occurs due to negligence on the part of the customer,” said a senior official with a private bank on condition of anonymity. To top it all, registering a complaint of such a fraud can be an excruciating exercise.