A large number of people are helping the nation by donating funds, especially to the PM Cares Relief Fund and cybercriminals are using this opportunity to defraud people. The cybercriminals are adopting different types of tactics, due to which digital fraud is increasing rapidly.
In view of the COVID-19 crisis, a large number of people in India want to help the nation by donating funds, especially to the PM Cares Relief Fund. However, one should be careful about the mode of the transaction while making payment for this noble cause, as cybercriminals are using this opportunity to defraud people.
In fact, in the wake of the coronavirus outbreak in India, there has been an increase in cyber attacks on personal computer networks, mobile phones, VPNs and routers since employees have been asked to work from home. Additionally, ever since the PM Cares Relief Fund was announced, cybercriminals have been trying to dupe people by sending out malicious e-mails and messages as well as setting up fake websites and pages on social media platforms.
Trishneet Arora, Founder and Chief Executive Officer, TAC Security, says, “The risks involved right now are mostly relating to data theft, i.e. losing personal and important data to identity theft to even phishing exercises, making one be vulnerable to lose money from their accounts.”
How have cybercriminals been taking advantage of people?
Cyber-criminals are using this vulnerable time to cheat people. Sanjay Kaushik, Managing Director, Netrika Consulting India, says, “Having stuck inside their homes, people are going through anxiety and are vulnerable to making mistakes that can cost them a huge amount of money. Take, for example, the issue of a moratorium on EMIs on housing loans. While lakhs of individuals want to avail of this opportunity provided by the RBI, cyber-criminals are using it as a chance to get people to share their personal information with them.”
CERT-IN (Cyber Emergency Response Team – India) has received multiple complaints about the use of fake UPI IDs by cybercriminals to convince people to send their donations into fake accounts. The genuine UPI Id for contributing to the PM Cares Relief Fund is ‘pmcares@sbi’, with registered account name of ‘PM CARES’. However, there are a number of fake IDs that are floating in the market. Some of the fake IDs that have so far come to the notice of CERT-IN are, pmcares@pnb, pmcares@hdfcbank, pmcare@yesbank, pmcare@ybl, pmcare@upi, pmcare@sbi, and pmcare@icici. Note that only the SBI is authorized to take the donations under the PM Cares Relief Fund, and donators should also be careful about the spelling of the account. Sometimes, there could be an extra ‘S’ in the spelling, leading to confusion and loss of money for the donator.
Additionally, people receive calls from call centers asking them to share their bank account details to avail of the moratorium on their home loan EMI. Kaushik says, “While availing moratorium the point to be noted here is that no bank will call you upfront asking for your bank details for providing a moratorium on the EMI. Gullible people end up sharing their sensitive financial details and are made to click on links that immediately cost them money.” Similarly, many people are getting defrauded by clicking on the links of counterfeit websites. The URL of these websites is very similar to the original one, and even the user interface is difficult to differentiate from the original.
The cybercriminals are adopting different types of tactics, due to which digital fraud is increasing rapidly. Arora says, “People are also receiving fake infected maps, wherein they are asked to download the software and follow the steps, which is mostly data security breach of people.” Therefore, it’s important to have a good antivirus/firewall on all devices, mobiles, laptops to ensure that shady websites or URLs get red-flagged as soon as they were to pop-up on your screen.
What are the measures that could be taken to escape from such cyber-attacks?
- If you are doing your online transactions do not save your Debit/ Credit card details. Disable the ‘AutoSave’ or ‘AutoComplete’ feature on your computer or mobile banking app.
- Do not use public Wi-Fi for online transactions. Always use secure websites for your online transactions. Never rely on random websites for online transactions. There’s a pattern to such texts and cyber-criminals always try to encash people’s curiosity, empathy and need, to convince them to click on the links given in the phishing texts.
- Never click on the unverified pop-ups. Ignore all random mails or messages. If you have received any random messages or emails, never open it.
- Always set two verification steps or set a strong and complex password. Always set One Time Password for digital transactions.
- Do not share your OTP or CVV or personal details, even if the other person says that he/she is calling from your bank and has certain knowledge about your bank account, for instance: your last transaction or your account balance. You should never share any new information and immediately call up the official number of your bank’s customer care.
Having said that, experts say only knowledge and alertness can ensure that people don’t fall for tricks of the hackers, and remain safe against cyber-attacks. Remember, there’re no free lunches in the world, and nobody would want to transfer his/her lottery money to your account from, say, Latin America.