7 MinsJuly 27, 2020
The lockdown has led to an increase in digital banking transactions and online payments. While these changes are necessary, they may also open the door for new types of frauds. Staying on top of them is the need of the hour. Read on to know some of the emerging types of digital frauds and how you can tackle them.
What it means: As a digital fraud method, phishing has been well known for a while now. However, it has evolved into a different form known as spear phishing. Phishing involves impersonating a trustworthy entity in a piece of communication sent out in large numbers, leading people to interact with it and share their credentials or download malware. Spear phishing is similar but more effective and personalised.
Spear phishing attackers first gain personal information about specific targets, usually by scouring what’s publicly available online. This could involve knowledge about your contacts, your recent purchases, services you interact with and more. Using this, highly customised communication containing personal information is sent to target individuals and gain their trust.
What you can do: As a precaution, don’t click on links in emails - instead, go to the entity’s website directly. Also, check the authenticity of the email ID by comparing it with past emails. To avoid the possibility of being targeted, watch what information you share online. Find out about the communication policies of the organisation contacting you. For example, Axis Bank does not ask for personal security details like your Internet banking details or phone banking passwords on the email, phone, or otherwise.
What it means: Another variant of phishing, pharming does not require you to click on an initial link. It works by putting malicious code into your computer or at an internet server level which automatically redirects you to a fake alternate site when you try to access a legitimate one. This site would be designed to impersonate the genuine site and is aimed to trick you into sharing your credentials.
What you can do: To keep yourself safe, look for secure (https://) websites with a lock icon before the URL. Also, enable two-factor authentication wherever it is available. Changing the default password of your router is also a must. Additionally, always go for reputable internet providers and VPN services.
[Also Read: Tips for Safe Banking Practices]
Deepfake based identity theft
What it means: Deepfakes have emerged in recent years as a technology that can create disturbingly accurate fake videos or audio recordings of someone. This is done by processing publicly available content, so it is more likely to target famous people who appear in media often. However, as the technology gets better, regular people can be targeted as well. Fake visuals may be used to create accounts and sign up for services using someone else’s identity, even if methods like video KYC are in place.
What you can do: As an individual, to protect yourself, enforce strict policies about official and personal communication. Any suspicious message, especially via a medium not generally used by the source, should be investigated before acting on it.
Chatbot and voice assistant based fraud
What it means: As chatbots and voice assistants have made our lives at home easier, they’ve also opened up new avenues for scammers. Chatbots can be impersonated by using legitimate sounding names on app stores.
Voice assistants are also vulnerable to certain new frauds. Voice search results can be altered to get you to call a fake business and grab your details. Audio deepfakes, as mentioned earlier, can also be used to dupe voice assistants by impersonating genuine users, but as of now, common people don’t need to worry about this particular attack vector. Due to their better hearing, AI-driven voice assistants can also be forced to detect commands inaudible to humans. For example, when you open a scam video, a hidden command could instruct your smart speaker to unlock the connected smart locks around the house.
What you can do: Two-factor authentication adds a layer of protection against these types of frauds. Axis Bank offers two-factor authentication for your online transactions with its Netsecure app. Another safe practice is to PIN-protect important voice assistant commands such as transferring money or disabling security cameras, etc, and you should be safe.
Selfie authentication fraud
What it means: As selfie-based authentication gains popularity, scams based on it may also see a rise. A scam communication might ask you to share your selfie, and maybe even with an ID document, supposedly to confirm your identity for various purposes such as participating in a free giveaway or avoiding the locking of your social media accounts, etc. This can give the scammers two things – a selfie that can be used for similar authentication elsewhere and a clear image of your ID document.
What you can do: Exercising caution is the best way to avoid this. Whenever you receive a request like this, use the same methods that you would use against phishing to check for authenticity. Additionally, check with your service provider – banks, ISPs etc – if they ever carry out such checks. Chances are they don’t.
As working from home becomes the new normal, what used to be a highly regulated workspace is now spread across the households of all the employees of an organisation. As a result, what used to be a single point of entry into an organisation’s systems has now become numerous, which makes the average person working from home a high-risk endpoint. This only stresses the importance of staying on top of the evolving threat landscape and optimising your security mindset as an individual to stay secure in these changing times.
Disclaimer: This article has been authored by Siddharth Parwatay, a Mumbai based independent tech-journalist, editor, and content-creator. Axis Bank doesn't influence the views of the author in any way. Axis Bank and/or the author shall not be responsible for any direct / indirect loss or liability incurred by the reader for taking any financial decisions based on the contents and information. Please consult your financial advisor before making any financial decision.