Safe Online Banking
In recent times, several customers of various Indian banks have reported being victims of frauds resulting in losses ranging from thousands to lakhs of rupees.
This advisory is being released considering increasing threats in online banking and thus to make you aware of the common fraudulent approaches.
Following techniques are being increasingly used to get information from you, that can help to perform unauthorized transaction from your debit/credit card accounts.
· Verification call for OTP: This is done in cases where a fraudster already has your banking credentials. However, to complete any transaction, he requires the bank generated OTP. In such cases, a user may receive a call stating that they are calling from XYZ bank and are calling to verify if customer's OTP system is working or not. As a confirmation, they would ask for recently generated OTP and would also mention that if you do not do so, your account can be suspended.
Please be vigilant of such calls. Banks never ask for such information on phone. The fraudsters are attempting a transaction requiring OTP and thus they call you to share the same.
· CVV number validation: You may get a call stating that the CVV number of your card would expire soon and that by sharing the current CVV number, they would generate a new CVV number. They would also state that If it is not shared, they would block the card.
Please be vigilant of such calls. CVV number is tagged to a card and changes only when the card is changed in physical form. If your CVV number has been shared by mistake, you should replace your card.
· Unlock online bank account: A fraudster who knows your login id, can lock your account through multiple unsuccessful attempts. Then, a user may receive a call that their account is locked out due to attack by frauds and would need user password so that same can be unlocked from the backend . It is important to know that normally, any such locked accounts get automatically unlocked after a specific time period. This situation is exploited and the account is used the next day through the shared password.
· Card Validation – A user may have a surprise bank visit claiming that they are from XYZ bank and they need to verify every card of that bank physically to ascertain that the card is with right owner. Typically, they would come during day time when working people are out of house. The victim would share the cards and fraudster takes images of the card. The details on the card are later used for malicious purpose.
· Phishing Email – You may receive an email which seems to be from the bank asking you to validate your user name, account number etc. by logging in to the site. This site where you are required to provide credentials resembles the bank site however, when you enter your credentials, the user name and password goes to the attacker which can be used for their own malicious purpose.
Please note that Banks do not require such confirmations. You should ignore such emails. If you really need to open links from such emails, it is advised that you carefully see the link and after that, type the link rather than clicking as there can be malicious links wrapped within genuine looking links.
Hope the above information helps you to take informed decision while handling your online bank accounts.