Safe online transaction tips during Coronavirus lockdown: consumers should exercise extra vigilance, and steer away from emails, apps and website links that have grammatical errors, insist on immediate actions, contain generic greetings or ask for personal information
Safe online transaction tips during Coronavirus lockdown: Digital payments have increased during the extended lockdown due to Coronavirus in India. More so because experts say that cash can spread the virus. However, digital payments spike has also led to a rise in Coronavirus-themed phishing scams and several other online frauds. Experts say that it is important to take necessary precautions while making digital payments or online transactions. Venkat Krishnapur, Vice-President of Engineering and Managing Director, McAfee India, told FE Online that the National Payments Corporation of India (NPCI) has been urging Indians to use digital payments to reduce social contact, for transactions ranging from buying essentials, mobile recharges and so on – from instore purchases to purchasing on e-commerce platforms instead. This has forced many not so tech-savvy consumers to explore the digital payments ecosystem.
He warned that with the lockdown restricting people, coupled with the surge in online transactions, this is a golden opportunity for threat actors to exploit less-protected touchpoints.
How fraudsters operate
“Leveraging fake UPI-based payment links or seemingly legitimate bank websites, they unleash a slew of phishing and other social engineering tactics, solely banking on the lack of user awareness and uncertainties,” said Venkat Krishnapur.
Sharing an example, he said that McAfee researchers have observed a campaign leveraging phishing emails referencing the terms “COVID-19” and “Coronavirus” to entice users to click on links or attachments which then downloaded the information-stealing Fareit Trojan onto their devices.
The McAfee official shared the following steps to take to ensure a safe experience online:
- Keep your bank/merchant account number private – Be cautious and extremely selective when giving your account number to anyone. Be extremely wary of requests received over email, text, phone or social media, asking for personal information. Only offer it when you initiate the call to a number you know is safe and while talking to a bank or merchant you trust.
- Learn to spot phishing scams – Although some phishing scams are easy to identify, other phishing attempts can appear awfully legitimate. Exercise caution when clicking on links and opening email attachments. If the link is from someone you don’t recognize, don’t open it. It is best to type the website in your web browser rather than clicking on any link. Always look for the ‘s’ at the end of ‘https://’ on the URL. ‘S’ stands for ‘secure’ which indicates that the page is safe and encrypted. STOP,THINK and CLICK!
- Use trusted networks only – Use your data plan or a secure, private Wi-Fi network when transacting online. Over an unsecure public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your bank account. If you must use public Wi-Fi, its best to route it through a Virtual Private Network (VPN).
- Use complex, unique passwords and change them regularly – Weak passwords are a fraudster’s dream – especially if you use the same password for all your accounts. To stop thieves from accessing your data, mix up your password and use complex passphrases. Wherever possible, enable multi-factor authentication, PIN/Password requirement, or fingerprint recognition.
- Keep a close eye on your bank and credit card statements – Look for questionable activity and ensure you identify every transaction, no matter how small. Do not ignore notifications that come to your phone.
- Use a comprehensive security solution – Whether you’re banking through a mobile app, or contacting a financial services institution over the web, make sure all your devices are protected by using a comprehensive security solution.”
Damon Madden, Principal Fraud Consultant, Middle East and South Asia, ACI Worldwide, said we have already seen a surge in Coronavirus-themed phishing scams to dupe unsuspecting consumers, as criminals seek to capitalise on the disruption. “As more people opt for digital transactions, consumer awareness will be crucial as the first line of defense against fraud.”
Steer away from grammatical errors!
The ACI official said that consumers should exercise extra vigilance, and steer away from emails, apps and website links that have grammatical errors, insist on immediate actions, contain generic greetings or ask for personal information – these are common indications that the notifications are not from legitimate banks or government agencies.
“It is important that banks focus on increasing consumer awareness against these type of frauds through extensive education campaigns across different communication channels. Additionally, banks should adopt multi-layered fraud prevention strategies that bring together digital technologies such as artificial learning and behavioural biometrics, combining them with deep customer insights,” he said.