The Internet has revolutionized the way online users can avail themselves of services like internet banking from anywhere, at any time, without being physically present. Cosmos Bank has been delivering services to its customers and business through electronic media for the last couple of years. Though the increased worldwide acceptance of the internet as a delivery channel for services and products creates new business opportunities, it also gives fraudsters an opportunity to use the internet as a medium to commit fraud. It is important for online users to be aware of such frauds and protect themselves against them.
Types of Frauds
The main objective of both offline and online fraud is to steal your 'identity'. This phenomenon is commonly known as "identity theft". Identity theft occurs when someone illegally obtains your personal information – such as your credit card number, bank account number, or other identification – and uses it repeatedly to initiate transactions in your name. Identity theft can happen even to those who do not shop, communicate, or transact online. A majority of identity thefts occur offline. Stealing wallets and purses, intercepting or rerouting your mail, and rummaging through your trash are some of the common tactics that fraudsters use to obtain personal information. The more aware you are of identity theft, the better prepared you will be.
Most offline fraud incidents happen as a result of theft of your mail, theft of sensitive information related to your bank or credit card accounts, stolen ATM/debit/credit cards, forged/stolen cheques, etc. You can protect yourself from such instances by exercising caution while receiving, storing, sharing and disposing of your account statements as well as your cheques, ATM/debit and credit cards.
Online fraud occurs when a fraudster pretends to be from a legitimate organization or to be a legitimate person (which may or may not actually exist) in order to obtain sensitive personal data, and then illegally performs transactions in your existing accounts. The most common methods of committing online fraud make use of fake emails, fake websites, pop-up windows, etc., or a combination of any of these methods. This is known as "Phishing" or "Spoofing". Phishing and money mule schemes are the most commonly seen.
Phishing is the fraudulent practice of sending emails purporting to be from your bank that induce individuals to reveal sensitive personal information such as passwords, credit/debit card numbers, etc.
- What is Phishing?
- How do the fraudsters operate?
- How do you identify a fake / phishing email?
What is Phishing?
Phishing is an act undertaken by fraudsters to gain your private and sensitive information through emails that appear to be sent by your Bank. Such fake emails encourage you to click on a link in the email which leads you to a fake website with a similar look and feel to that of the Bank’s authentic website. It is designed to capture your personal confidential account information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. Customers’ email addresses are obtained/purchased by the fraudster through non-trusted sites where the customer would have revealed his email ID by means of casual browsing or shared it in chat rooms, blogs or mailing lists, etc. Some fake emails may also contain a virus known as a “Trojan horse” that can record your keystrokes or could trigger background installations of key logging software or viruses onto your computer. The virus may live in an attachment or be accessed via a link in the email. Never respond to emails, open attachments, or click on links from suspicious or unknown senders. If you’re not sure whether an email sent by Cosmos Bank is legitimate, report it to us without replying to the email.
How do the fraudsters operate?
- Fraudsters send spoofed emails, appearing to be sent by Cosmos Bank, to a large number of recipients with an urgent tone that calls for quick action to verify, update or reveal your confidential account information by clicking on a link in the e-mail.
- Once the recipient clicks on the link in the e-mail, he is diverted to a fake website with a similar look and feel to that of the Bank’s original website. The customer is presented with a web form to divulge his confidential account information i.e. customer ID, IPIN, Credit / Debit Card numbers, Card expiry date and CVV number, etc.
- Once the unaware customer reveals his confidential account information on the fake website, he may be directed to the authentic website of the Bank to suppress any suspicion arising in the customer’s mind. This is how the customer’s identity is compromised.
- This customer confidential account information or identity credentials are then used by the fraudster to gain access to the customer’s account to commit fraudulent transactions.
How do you identify a fake / phishing email?
- The fraudster may use Cosmos Bank’s email address, domain name, logo, etc. to give an authentic look to the fake email.
- Do not rely on the name and source in the "From" field of the email, as it can be easily manipulated by the fraudster to make it appear to have been received from a valid email account of Cosmos Bank.
- Fake emails generally address you personally by name, e.g. "Dear Ravi Patil". Cosmos Bank sends alerts or SMS messages starting with "Dear Customer".
- Such fake emails are poorly drafted and may have spelling or grammatical mistakes.
- Such fake emails always encourage you to click on a link to verify or update your confidential account information.
- The links embedded in such fake emails may sometimes look authentic, but when you move the cursor/pointer over the link, there may be an underlying link/URL to a fake website.
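The checks on the "From" field and on underlying links described above can be automated. The following Python code is an added example, not part of Cosmos Bank's page: it parses an HTML email, shows that the "From" domain can look legitimate, and flags links whose real host lies outside the bank's domain. The domain bank.example, the function names and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = {"bank.example"}  # assumption: placeholder for the bank's real domain
# Constructed sample message for illustration, not a real email.
SAMPLE = '''From: "Cosmos Bank" <alerts@bank.example>
Content-Type: text/html

<p>Verify: <a href="http://login.bank-example.test/verify">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/help">Contact us</a></p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def claimed_sender_domain(raw):
    """Domain in the From header; sender-controlled, so never proof of origin."""
    return parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2].lower()

def suspicious_links(raw):
    """Return (real host, visible text, reason) for links leaving TRUSTED."""
    parser = LinkCollector()
    parser.feed(message_from_string(raw).get_payload())
    findings = []
    for href, text in parser.links:
        real = urlsplit(href).hostname  # None for mailto: or in-page anchors
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if real and not is_trusted(real):
            mismatch = shown and shown.group(1).lower() != real
            findings.append((real, text, "text shows another host" if mismatch else "untrusted host"))
    return findings
```

In the sample, the "From" header passes the domain check while the first link is still flagged, which is why the header alone cannot be relied on.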
By phishing or other means of customer identity theft, the fraudster harvests customer NetBanking credentials, i.e. customer ID and password, with the motive of transferring money from the customer's account to another account holder.
- What is a Money Mule?
- How do the fraudsters operate?
- How do you protect yourself from becoming a money mule?
What is a Money Mule?
A money mule is a person who receives money from a third party in their bank account and transfers it to another account or takes it out in cash to give it to someone else. The beneficiary account holder is referred to as a "Money Mule". The beneficiary unknowingly becomes an accomplice through social engineering techniques employed by the fraudster.
How do the fraudsters operate?
- These fraudsters either maintain anonymity or use a fictitious identity to commit these frauds. They generally operate from a country other than the one where the fraud is to be committed (e.g. if fraud is to be committed in India, they may operate from countries like Nigeria, Uganda, etc.) to keep themselves away from local law enforcement agencies.
- Fraudsters commonly launch their attack with social engineering techniques, contacting prospective money mules by email, in chat rooms, on job search websites or through internet blogs.
- Fraudsters lure the prospective money mules to share their bank account details by telling them a fake story and convincing them to receive money in their accounts. Fraudsters also offer a part of their money or a commission and persuade them to unknowingly act as money mules.
- Fraudsters then transfer money from the account of a bank customer whose Internet Banking customer ID and IPIN / password have been harvested either by means of phishing or through other means of identity theft.
- The money mule is then directed by the fraudster to retain the commission and transfer the balance either through wire transfer or to the account of another money mule by means of online transfer or cash deposit, thereby forming a chain of fraud.
- Such money transfers ultimately lead to the funds being transferred into the fraudster’s account, thereby maintaining anonymity.
- When such frauds are reported, the money mules become the target of law enforcement agencies, as their bank accounts are used and their identity is established.
How do you protect yourself from becoming a money mule?
- The fraudster may cook up different stories; however, his motive will be to convince you to share your bank account details, receive money and act as per his directions.
- Do not respond to emails from strangers asking you for your bank account details.
- Do not get carried away by attractive offers or prizes.