The novel coronavirus (COVID-19) is causing more than just physical harm to people across the country. Fraudsters have found new ways to trick bank customers now. Some bank customers have complained that they have been getting notifications that have an uncanny resemblance to the official communications from banks, on their mobiles, asking them if they want the loan moratorium. If you click the link provided in the text message by mistake, it takes you to a website that looks very similar to your bank’s website. However, beware! It is a phishing website. You are then persuaded to fill a form capturing your details and, within minutes, a sum of money gets withdrawn from your account.
Fraudsters have also resorted to calling customers, asking them for a one-time password (OTP) to postpone their equated monthly instalment (EMI). Once the OTP is shared, an amount is withdrawn from your bank account.
Here is how you can avoid getting tricked by fraudsters and stay alert to attempts at swindling your hard-earned money.
Fraudsters have also found ways to target those seeking more information and clarity on COVID-19.
Some claim to give you information on how to overcome the ailment – a matter that interests most of us in these times. Under the guise of acting on behalf of organisations such as the World Health Organization (WHO), the US Centres for Disease Control and Prevention, and other government authorities, fraudsters send you emails enticing you to click on a link that promises to give you information (Refer image).
Arpinder Singh, Partner and Head-India and Emerging Markets, Forensic & Integrity Services, EY says, “The link in the mail infects your computer the moment you click on it. It takes your browser to a malicious site that extracts your personal and confidential data.”
At other times, the mail carries a document which you are asked to download. The effects are as devastating.
Tarun Bhatia, Managing Director and Head of South Asia, Business Intelligence and Investigations says, “The fraudster just needs a click from you to get inside your system. So, avoid opening emails from unknown or suspicious mail ids.” Don’t click on any link unless you can verify it. Also, genuine organisations would never send individual emails to you, especially with attachments; their own websites have all the information you need.
Text messages are also sent. One such SMS message reads, “You’ve received a new message regarding the COVID-19 safety line symptoms and when to get tested in your geographical area,” followed by a link which uses ‘covid19info’ as part of its domain name. The sender of such scam messages is ‘GOV’ (Refer image).
Another popular topic of discussion these days is on how to claim refunds for your cancelled trips due to the COVID-19 crisis. Fraudsters are send messages tempting unsuspecting travellers by promising a 100 per cent refund on cancelling flight and railway tickets. Reading such messages, people get influenced and click on spam links for cancelling their tickets.
Fake UPI accounts for COVID-19 donations
To help the government fight the coronavirus outbreak, Prime Minister Narendra Modi had appealed to the citizens to donate. An exclusive PM CARES Fund was started for the purpose. The original Unified Payments Service (UPI) ID to make payments to the fund is pmcares@sbi. But, fraudsters are creating fake UPI IDs that appear to very closely resemble the PM CARES Fund in their wordings. They have circulated such fake UPI IDs through SMS, social media, emails, etc. Some of the fake UPI IDs are pmcare@sbi, pmoindia@sbi, pmindia@sbi, etc. Also, fake UPI IDs are created on the UPI handles of including ICICI Bank, HDFC Bank, PNB, etc. to mislead people.
Jayant Saran, Partner, Deloitte India says, “Donors need to careful; otherwise, money will be transferred to fraudsters’ accounts. It’s important to verify the account details from multiple authentic sources before making a donation.”
These are times when many charitable organisations also crop up, claiming that they help the poor or the jobless. Bhatia says, “Before donating money to any charitable organisations or NGOs you need to verify whether they have a registration number and if the donation made to them is exempt for taxation.” Don’t believe in details given in their website. It’s important to assess the impact of that NGO on the society by talking to some of the beneficiaries. Do a thorough check. Also, do a simple Google search for complaints against the NGO before deciding to donate.
Stay away from phishing traps while working remotely
Many of us are working remotely in this lockdown period. The risk of falling to phishing traps increases. For instance, you might get a suspicious email that appears to be sent by a colleague asking you to follow instructions to ‘transfer money,’ or ‘allow access to confidential product information.’ You may inadvertently click on the phishing link and confidential data stored can be compromised. Singh says, “To avoid such a situation, use instant messaging or a phone call to contact a colleague who appears to be the sender of a suspicious email.”
Employees using personal email accounts from their company laptops can end up landing on phishing sites. Kaushik Roy, Vice President and Country leader, South Asia, ACI Worldwide says, "To protect leakage of confidential information while working remotely, companies should allow employees to work only through a virtual private network (VPN), which is more secure."