have resulted in a rapid increase in volume, as well as the ease with which financial
transactions are being carried out.
Today almost all financial transactions are done via digital banking. However, these developments come with their own set of limitations, i.e. an increase in the number and types of internet banking frauds taking place.

REASONS BEHIND INCREASE IN DIGITAL FRAUD:
• Change in e-commerce landscape: Purchasing of goods and services is moving over to online platforms or marketplaces.
• Increase in the use of online payment services: The increasing use of P2P and e-wallet apps has increased the chances of frauds taking place.
• Increase in digital banking services: The demand of consumers for more online and mobile services from financial institutions is resulting in banks going digital.
• More sophisticated fraud tactics: Due to an increasing number of data breaches over recent years, fraudsters can more easily access PII (personally identifiable information) and use it against consumers.
• Unclear legal jurisdiction of cross-border fraud: Most large-sum transactions encompass multiple countries. Hence it is difficult for individual jurisdictions to properly monitor for fraud risk.
• Technological advancements resulting in new sophisticated frauds: The technologies that companies and banks use to innovate and introduce new products and services are also being adopted by fraudsters.

TYPES OF FRAUDS:

WHATSAPP BANKING FRAUD:
• WhatsApp banking services are used by banks to provide alert notifications from your bank through WhatsApp instead of SMS.
• The familiarity and simplicity of WhatsApp messaging makes it easy for customers to interact with the bank and get answers to queries in a seamless manner.
• However, WhatsApp is being exploited by scammers on the platform. Fraudsters send text messages to WhatsApp users in order to extract sensitive information such as bank account details.
• The WhatsApp scam makes use of working external links on the platform. The scam, named "Rediroff.ru", is being circulated by WhatsApp users themselves. The fraud involves the circulation of the above-mentioned WhatsApp link. As soon as a user opens the link, they are redirected to a web page which tempts them by promising an assured gift or informing them about the prize of a giveaway.
• The user opens the web page and fills in a survey sheet. The page collects vital information concerning the user, including their IP address, name of the device and other personal details such as name, age, address and bank account details, which can then be used to scam the user.

SIM SWAPPING:
• SIM swapping is a form of digital identity theft which works on social engineering. It is often the second phase of a fraud attack. SIM swapping happens when fraudsters take control of a victim's mobile number and from there obtain verification codes like OTPs and URNs that give them unrestricted access to protected accounts.
• Fraudsters get access to a replacement SIM through methods such as reporting a handset lost or stolen, placing requests for SIM replacement, or producing fake documents to get a duplicate SIM.
• In April 2018, Gregg Bennett, an entrepreneur in Bellevue, Washington, noticed something odd happening across his email account, after which his phone connectivity immediately zeroed out. Fearing a hacking attempt, Bennett, unfortunately, could do little as the fraudsters took control of his phone number via his SIM, thereby gaining access to Bennett's Amazon, Evernote, Starbucks, and even his Bitcoin account, whereby he lost 100 Bitcoin.

PROCESSES OF SIM SWAPPING:

WHALING:
• A whaling scam or attack is a method used by cyber fraudsters to masquerade as a senior player at an organization and directly target senior officials of that organization, with the aim of stealing money or sensitive information or gaining access to their computer systems to carry out further criminal activities.
• These attacks are mainly targeted towards higher officials, hence whaling is also known as CEO fraud. Whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.
• The major point of difference between whaling and spear-phishing is that the fraudulent communication seems to have come from a senior official. These attacks can be made all the more believable when cybercriminals carry out significant research using openly available resources such as social media to come up with a tailor-made approach for the targeted individuals.
• This could include an email that seems to be from a senior manager and could include a reference to something that an attacker may have got from online sources.
• The sender's email address typically looks like it's from a believable source, and the message may contain corporate logos or links to a fraudulent website that has also been designed to look legitimate. Because a whale's, or senior official's, level of trust and access within an organization tends to be high, the attacker tends to put more effort into the finer details in order to pull off a near-perfect scam.

DIFFERENCE BETWEEN WHALING AND SPEAR PHISHING:
• In 2016, the payroll department at Snapchat received a whaling email seemingly sent from the CEO asking for employee payroll information. Last year, toy giant Mattel fell victim to a whaling attack after a top finance executive received an email requesting a money transfer from a fraudster impersonating the new CEO. The company almost lost $3 million as a result.

CONCLUSION:
Online payments have made it easy to make financial transactions anytime, from anywhere, in just a click. However, this comes with its own set of problems and risks. Whether you are a regular user of online banking or feel skeptical about it, some safety measures while making a digital transaction are essential. Basic awareness about online scams can help one avert a financial tragedy.