Phishing
What is Phishing?
- Phishing is an attempt to acquire information such as usernames, passwords, PINs, bank account and debit card details by masquerading as a trustworthy entity through electronic communication such as e-mail. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of the social engineering techniques used to deceive users.
If something seems fishy…it’s probably phishing. Here are some tips to keep in mind to avoid falling victim so that we protect our Bank and its data:
- Double-check that the sender’s email address matches who they claim to be
- Don’t click links in, or download anything from, emails sent by someone you don’t know or that you weren’t expecting
- Typically, these emails will be poorly drafted with spelling mistakes. This should serve as an alert.
- Don’t reply to a suspicious email or to a message from an email address you don’t recognize
Pharming
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial) information through domain spoofing. Rather than spamming you with malicious e-mail requests to visit spoof websites that appear legitimate, pharming ‘poisons’ a DNS server by injecting false information into it, so that a user’s request is redirected elsewhere. Your browser, however, will show that you are at the correct website, which makes pharming more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.
How to protect yourself?
- If you are using Internet Explorer 7 and the address bar turns RED, do not continue, as this is an indication that you are connected to a fake web site.
- You can also verify that you are connected to the right server by clicking on the gold padlock icon and then on “View Certificates”.
Fraudulent Emails
With the evolution of e-mail, users have been targeted by global email scams that are intended to collect critical personal and financial information from unsuspecting victims. Illegitimate offers are e-mails that entice users to purchase popular goods or services at reduced prices (or before they’re available to the public), with no intent to deliver those purchases. Usually, these e-mails are designed primarily to obtain debit card or bank account information.
Other fraudulent emails take the form of requests for help that usually offer the recipient a large sum of money or attractive rewards in exchange for “short term” financial assistance. One common example is the “sender” who asks the recipient to supply a bank account number to “hold” large sums of money until the “sender” can retrieve it. In exchange, the recipient is promised a percentage of the deposit. The “sender” uses the bank account number for fraudulent activity, and the recipient never receives the promised funds.
How to protect yourself?
- Be very suspicious of any e-mail or phone call from a business or person that asks for your password, passport number, or account or debit card information, unless you have initiated the transaction.
- Always be wary of unsolicited emails offering large sums of money.
- Monitor your transactions. Review your order confirmations, debit card and bank statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any suspicions to BBK.
Key Loggers and Trojans
Key loggers are software programs that capture a computer user’s keystrokes. Such programs are used by hackers to obtain passwords or encryption keys and thus bypass other security measures.
A Trojan is a program that appears legitimate but performs some illicit activity when it is run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.
How to protect yourself?
- Never use computers located in public places such as Internet cafes or airport lounges for online banking.
- Install a personal firewall and anti-virus software with the latest security patches and anti-virus signatures.
- Always remember to update your antivirus signature.
- Do not visit suspicious sites. If you suspect that a website is not what it purports to be, leave the site immediately. Do not follow any of the instructions it presents.
- Monitor your transactions. Review your order confirmations, debit card and bank statements as soon as you receive them to make sure you are being charged only for transactions that have taken place. Immediately report any irregularities to your bank.
ATM Type Fraud
ATMs have simplified personal cash management and allow withdrawal of cash outside of banking hours. However, the frequency of ATM fraud has also increased.
Different types of fraud:
- Card Skimming: Criminals install devices on ATMs to obtain/skim the card account details and record the PIN number entered by a customer. This information is then used to make unlawful cash withdrawals with counterfeit cards.
- Shoulder surfing: Criminals pretend to help unsuspecting customers at the ATM, but in reality are memorizing the PIN number.
- ‘Operational Cash’ Departments: In tourist destinations where there are few banks and ATMs, criminals approach tourists and offer to direct them to local merchants who will use their point-of-sale device to issue cash (‘operational cash’ departments). The merchant then skims the card account details and uses a fake PIN entry device to obtain the cardholder’s PIN. This information is then used to make unlawful cash withdrawals with counterfeit cards.
How to protect yourself?
- Be especially cautious when strangers offer to help you at an ATM, or if you notice any suspicious activity at or around the ATM area.
- Use ATM locations that you are familiar with so any changes will be more apparent, for example, a false attachment on the front of the machine.
- Ensure that other individuals at the ATM queue keep an acceptable distance from you. Be on the look-out for individuals who might be watching you enter your PIN.
- Stand close to the ATM and shield the keypad with your hand when keying in your PIN.
- If you feel the ATM is not working normally, press the Cancel key and withdraw your card and then proceed to another ATM, reporting the matter to the bank.
- Keep your printed transaction record so that you can compare your ATM receipts to your monthly statement.
- If your card gets jammed, retained, or lost, or if you are interfered with at an ATM, report this immediately to the bank.
- Do not be in a hurry during the transaction and carefully secure your card and cash in your wallet, handbag or pocket before leaving the ATM.
- Memorize your PIN (if you must write it down, do so in a disguised manner and never carry it with your card).
- NEVER disclose your PIN to anyone, whether to a family member, bank staff or police.
- Use unique PIN numbers and never use numbers like your date of birth, or the last four digits of your phone number. Change your PIN periodically, and if you think it may have been compromised, change it immediately.
- Only use approved ATMs or banks to make cash withdrawal transactions.
Smishing
Smishing uses cell phone text messages to lure users in a fashion similar to phishing. These attacks take the form of text messages that claim to be from legitimate entities and are often used in combination with other techniques to bypass inbuilt protections. They might also direct victims to malicious websites on their phones.
Typical Examples of Smishing Attacks
- Dear BBK customer, You are successfully registred for BBK new updates. For full details: SMS as HELP +9122567830 & Download app BBK qulk app- BBK Team
- We are sorry but-BBK Debit Card is temporarily blocked. visit bbkindia-7484.tbm5430.com
Best Practices To Follow To Avoid Smishing Attacks:
- Be suspicious of any text message containing an urgent request for personal or financial information.
- Do not share any sensitive information over text messages.
- Do not click on any links in the SMS.
- Please call the branch for help or refer to the information only on the official website of the bank.
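As an added example (not part of the original page or the bank's own tooling), the following Python code checks the links in a text message against an allowlist of official domains. `bank.example` is a placeholder for the bank's real domain, which the page does not state; the first two sample messages are the ones quoted above and the last two are constructed.

```python
import re

# Assumption: placeholder for the bank's official domain (not given on the page).
OFFICIAL_DOMAINS = {"bank.example"}
# Brand string as it appears in the sample messages quoted on the page.
BRAND_TOKENS = ("bbk",)

# Hostname with optional scheme; the trailing group swallows any path so that
# "host/page.html" is not reported as a second hostname.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]\S*)?", re.I)


def is_official(host):
    """True only for an official domain or a true subdomain of one."""
    host = host.lower().strip(".")
    # Compare on a label boundary: "notbank.example" must not pass as "bank.example".
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_sms(text):
    """Return (host, reason) for every link host that is not official."""
    findings = []
    for host in HOST_RE.findall(text):
        host = host.lower().strip(".")
        if is_official(host):
            continue
        branded = any(token in host for token in BRAND_TOKENS)
        reason = "brand name in unofficial host" if branded else "unofficial host"
        findings.append((host, reason))
    return findings


SAMPLES = [
    # Quoted from the page; it carries no link, so a link check alone cannot flag it.
    "Dear BBK customer, You are successfully registred for BBK new updates. "
    "For full details: SMS as HELP +9122567830 & Download app BBK qulk app- BBK Team",
    # Quoted from the page; the brand name sits in a subdomain of an unrelated domain.
    "We are sorry but-BBK Debit Card is temporarily blocked. visit bbkindia-7484.tbm5430.com",
    # Constructed: link on the placeholder official domain.
    "Your statement is ready at https://www.bank.example/statements",
    # Constructed: lookalike that a naive suffix match would accept.
    "Verify your card at http://notbank.example/login",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(check_sms(sms) or "no unofficial link", "<-", sms[:45])
```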
Get In Touch With Your Branch If You Have
- Provided personal information to anyone
- Noticed any unusual activity in your account
- Received an SMS about updating data through a link
Identity Theft
Identity theft happens when a criminal obtains your personal information to steal money from your accounts, open new debit cards, apply for loans, rent apartments and commit other crimes – all using your identity. These acts can damage your credit, leave you with unwanted bills and cost you countless hours and much frustration to clear your good name.