You receive a random text message with a link to update your bank account details, which takes you to a website and asks for a one-time password. You enter the password. In another few minutes, you get messages that a substantial amount of money is deducted from your bank account. Then begins the panic calls to bank and long process to address the (by now you know) the phishing attack.
The above scenario must have happened with you at some point--or with someone you know. Who is to be blamed for such fraud-attacks? Where does the buck stop? Of late, an increasing number of customers have complained on social media about being victims to fraudsters impersonating big banks.
According to some media reports, around 40 people of a single private banks were defrauded in three days after they clicked on a fraudulent link. Is this something new?
Most certainly not.
There have been a number of such frauds reported in the past too.
For instance, in October 2015 such attacks had prompted the Reserve Bank of India (RBI) to issue a public advisory warning public about emails sent by fraudsters impersonating the central bank.
In March 2022, RBI issued another advisory cautioning individuals against SMS, email, instant messaging, phone calls and OTP frauds. Despite all such warnings, there have been such recurring instances. As more people migrate to digital banking channels, the vulnerability to frauds increase.
Last month, the RBI had asked banks to beef up resources to step up cybersecurity. Also, at a larger level, such rising number of fraud cases raises critical questions on the larger use of central bank digital currency (CBDC), which is in a pilot phase at this point. If Indian banks want to get their digital game right, they need to plug the gaps in digital banking channels by constantly updating their service platforms. This is not only about addressing frauds but also tackling frequent digital outages in tandem with the rise in customer volumes.
What is the solution to tackle phishing attacks? Banks and the regulator can step up the awareness programmes to sensitise customers but ultimately caution should be exercised on the part of customers. No bank would ask for personal bank details through messages such as passwords, OTPs or account details. If you are still doubtful about the message you received, call up the bank or visit in person.
Unless customers exercise caution, such frauds will recur. Recently, Moneycontrol had published an explainer on how such scamsters operate and what can you do if you find that you are a victim of such an attack. Take a look.
(Banking Central is a weekly column that keeps a close watch and connects the dots about the sector's most important events for readers.)
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
