This is one of the most common types of cyber fraud that has been going on for decades. The Modus Operandi in such crimes
is to email/SMS/call unsuspecting persons, preferably senior citizens, pretending to be from some bank.
In the vishing technique of fraud, sometimes, the fraudsters do not name the bank and ask the victim the name of their
bank and then tell them that they are transferring their call to the said bank. The so-called bank manager/employee/customer care executive
tells the unsuspecting victim that his/her bank account or debit card is being blocked/frozen due to some technical difficulties or because
their KYC has not been updated and if they wish to unblock it, they will have to verify some details. They, then induce the victim to share
the debit/credit card number, expiration date, CVV and finally, the OTP generated due to the fraudulent transaction that they do using the
victim’s card. The fraudsters do not let the victim hang up the phone lest he should come to know about the illegal transaction.
In a variant of this crime, the fraudsters sometimes call the victims and tell them that they have won a gift from the
bank (which could be anything ranging from a travel trip to a free additional debit/credit card) and that they just need to verify some
details and then proceed to dupe the unsuspecting bank customer as mentioned above. The cheated money is usually used to make some transaction
online at various e-commerce sites like Amazon, Flipkart, etc.
In the phishing email variant, the fraudsters send a link that takes the victim to a web page that is deceptively similar
to the actual site of the bank.
1. Banks or any of their representatives never send email/SMS to their customers or call them over phone to ask for
personal information, password or one-time password (OTP). Any such e-mail/SMS or phone call is an attempt to fraudulently withdraw money
from the customer’s account through Internet Banking. Never respond to such email/SMS or phone call.
2. Never respond to emails/calls asking you to update or verify User ID/Password/Debit Card Number/PIN/CVV, etc.
Inform your bank about such email/SMS or phone call. Immediately change your passwords if you have accidentally revealed your credentials.
3. Always remember that information like password, PIN, TIN, etc., are strictly confidential and are not known even
to employees/service personnel of the bank. You should, therefore, never divulge such information even if asked for.
4. Never provide your identity proof to anyone without any genuine reason.
5. Never click on any link in any e-mail to access the bank’s site. It is likely to be a phishing site that will
direct you to an impersonating site and capture your banking credentials.
6. Access your bank website only by typing the URL in address bar of browser.
7. When on your bank website, look for the padlock symbol either in the address bar or the status bar (mostly
in the address bar) but not within the web page display area. Verify the security certificate by clicking on the padlock.