At a time when the whole world is dealing with the COVID-19 crisis, fraudsters are coming up with new ways to steal money as well as data from users.
At a time when the whole world is dealing with the COVID-19 crisis, fraudsters are coming up with new ways to steal money as well as data from users. They are leveraging the fact that a majority of us are spending additional time at home, generally being online either for business or leisure. There may be a number of rogue websites and Apps that promise users to notify them about the locality of COVID-19 patients by registering on their website or by downloading and installing an App. The platform may seek account details, card details, PIN, OTP etc. under the guise of validating users and may solicit confidential banking or personal details.
Users are requested not to register themselves at any such website or download such apps and furnish any kind of personal information. However, one may rely on the government’s legitimate Apps such as “Aarogya Setu” for updates and information on COVID-19.
Likewise, beware of unusual lucrative offers from popular entertainment streaming services. Fraudsters may provide exclusive promotional codes to give free subscriptions and may seek banking credentials from users while making fake registrations. There may be other instances like new e-commerce websites and Apps providing appointments with doctors or selling health kits, masks, protective gears etc. Users should also be cautious of unknown platforms which promise sale of items other than essential services as well.
With the nationwide lockdown and travel restrictions placed by the government, most of the small business enterprise individuals are staying put at home while corporate employees, except for those in essential services, have been working remotely to ensure business continuity.
Here are some precautions to be taken in order to protect ourselves from any undesirable fraudulent situations.
It is needless to say that there has been a significant rise in the number of online meetings through webinars, video and voice conferences etc. Although there are some reliable platforms to collaborate and meet online, users must always be aware of the security implications. While using any such services, do take following precautions:
1. It is always recommended to use “paid” subscriptions that come with secured credentials and login details for the administrator to create online meetings. Though it may be tempting to use “free” services that offer seamless subscription for internet-based audio/ video conferences and file sharing services through simple registration process, one should refrain from using such free Apps and tools as there is a high possibility that fraudsters may be snooping on you and gathering information from your device without your knowledge or consent.
2. One should always remember that online meetings should not be “Public”, which means only people with valid credentials should be able to log in. Meeting organizers should be able to use waiting room feature to let only the approved or known people to join meetings.
3. As a common precaution, one should also turn-off video feature in an online interaction, whenever not required. Also, microphones of your device should be kept in mute, unless you are speaking.
4. Sensitive documents should be encrypted with a strong password for online sharing. Recipients should be notified with the encrypted password through a different mode, say an e-mail or through SMS.
5. Do not share your desktop screen unless you know and positively identify the parties you are interacting with. Scammers can scan your device if the sharing control is enabled.
6. Always use a VPN (Virtual Private Network) to connect to your office network through a private Wi-Fi network.
Fraudsters may send you e-mails and SMSes with links that promises you to donate funds for initiatives such as ‘Prime Minister’s Citizen Assistance and Relief in Emergency Situations (PM CARES) Fund’. Beware of the source as they can alter the beneficiary account details and put their own to divert your donations to them.
One should always check and cross-verify the recipient account details for such initiatives. Check government websites and verified social media handles for legitimate account details before making any payment.
Banking Services – Relaxations offered by the Government
The RBI has directed banks to offer three-month moratorium to their customers toward paying EMIs of their home loans and card dues etc. Riding on this, a lot of fraudulent messages are being sent to people by fraudsters, who are embedding phishing / SMiShing links pretending to be from banks. These fraudsters may, under the guise of validating users, ask for banking details, passwords and OTPs that will let them take control of user’s account to siphon-off funds. Same is the case with “Home Banking” services ostensibly offered by banks through SMSes/ mails with links embedded. Users should validate any such offers by calling a known number of their bank branch.
(By Niranjankumar Laxman Upadhye, GM – Fraud Risk Management division, Worldline India)