If you do give access, monitor service provider’s activity
New users of digital payment services are especially vulnerable
During the Covid-19 pandemic, online transactions have increased, but so have the risks of falling prey to fraudsters.
New users of digital payment services are especially vulnerable. Bharti Airtel Chief Executive Officer Gopal Vittal, among others, has warned subscribers against this growing menace
Remote access fraud
You could receive a call, purportedly from a goods or service provider you use, say, from the company whose laptop you own. The caller could claim he needs to upgrade your software. He could ask you to install a remote access software, which gives him control of your laptop. Once he gets access, he could steal any digital material stored on it.
“He could install a software called keylogger, which can record whatever you type. It can also record activities on your screen, allowing the fraudster to steal sensitive information,” says Udbhav Tiwari, public policy advisor, Mozilla.
If you initiate a call for help, that eliminates fraudsters. When calling up an organisation, take its helpline number from its official website. When they call back, check it is from a bona fide number. During the interaction, do not share any sensitive personal information. “Allow remote access only if it is essential. When you do, monitor the person’s activities,” says Tiwari.
OTP-based digital payment fraud
One form of this fraud works as follows: Someone calls up and says there is a problem with your digital payment service account. Your know-your customer is incomplete and to fix the problem, he says you need to share the one-time password (OTP) sent to you.
Meanwhile, he has typed out your phone number on the login page of the payment service provider’s website. Sometimes, he could transfer some money to your account to check if it is operational. He asks you to transfer it back. When you do, he says he has not received it, and asks for your Unified Payments Interface personal identification number (PIN) to conduct the transfer. Once you do, he transfers the money out of your wallet. Never share the OTP, PIN or password with anyone over phone or online. Be wary of calls you have not initiated
Ransomware attacks have been rising. “The ransomware takes over the computer and locks the user out of it until he pays a ransom,” says Mukul Shrivastava, partner-forensics & integrity services, EY.
Do not open emails from unknown sources or click on links that offer any sort of enticement. Also don’t download free movies, songs, etc, which are a big source of ransomware.
Relatives of Covid patients announce on social media platforms they need oxygen cylinders, concentrators, medicines, teleconsultation, etc.
“Fraudsters respond and say they can provide these. They get people to pay up in advance and then block calls from their number,” says Ritesh Bhatia, cybercrime investigator, cybersecurity and data privacy consultant.
Treat a request for an advance as a red flag. Pay up only after you have collected the goods or received delivery.