Cyber Crime / Part -Time Job / Pongi Scheme Scam Through Fraud / Investment

Recently, there are many cyber crimes incidents in banks, in which criminals and fraudsters are resorting to various types of functioning to commit cyber crime through banking channels and payments gateways. The RBI repeatedly broadcasts information about fraud/cyber offenses and issues consultation to regulated institutions (RE), including other things, as well as details of the proceedings adopted by RE. In this regard, we advise banks in relation to such fraud and cyber crimes that have come to our attention in recent times. Investment / part -time job / some functioning by fraudsters and criminals through transactions, in which transactions are done through banking channels, are given below:

1) The victims are wooed through part -Part Time job proposals and other advertisements on the Internet and/or messaging platforms etc., and they are promised high commissions or high returns such as doubling money in a short time. Advertisements/SMS messages usually have a link, which indicates direct chat. In addition, mobile application, bulk SMS message, SIM-Box-based virtual private network (VPN) fishing website, cloud services, virtual accounts in banks, application programming interfaces (APIs) etc. are used to do financial fraud.

2) Keywords such as’ online earn “,” part -time jobs “, etc. are used by fraudsters and criminals to introduce their advertisements with words that people are searching. Also, such advertisements are mostly displayed from 10 am to 4 pm, which is usually extreme time of internet use. The domain -’ and ”xy2” ‘Wixsite’. Most of these sites either redirect on a messaging platform or redirect on a website in which the messaging platform is embedded, which re -recipe on chat when clicked.

3) Many Indian numbers were used to communicate with the victims. On analysis, it was found that the mobile number holder was not aware that the messaging platform was being operated in his name. In some cases, the mobile number holders deliberately share the OTP in exchange for some money with the fraudsters.

4) The fraudster sends an investment link on the chat. Every person has a referralcode. The fraudster usually communicates in English. Google translation is also used to communicate with victims.

5) To activate the account, a screenshot needs to be sent to the person on a messaging platform. Once the account is activated, the user is given the task of winning the trust of the person. To perform a task, the mandatory condition is to load funds through the payment gateway which are not authorized to operate in India. All payments are made through digital channels including UPI. Some of the UPI addresses are from the Ministry of Corporate Affairs (MCA) registered with companies registered. The call center is usually used to interact with the victim for communication in relation to tasks. For example, if the investment is not loaded on the website, the executive officer of the call center starts the call.

6) The victim is asked to withdraw money when the work is completed. Money is withdrawn through various payments aggregators.

7) On receiving the first refund, the victim is now wooed to do more work that involves loading more money. The process continues and when the large amount is loaded by the victim, the person (cheating) stops responding to the chat. 8) UPI details are updated daily on fraud websites. Investment websites keep changing. The source code remains the same but the domain changes.

9) The bank accounts opened by money mule using the actual / fake identity are used to receive the stolen funds, OTPs, etc. from the compromised bank accounts. Rent accounts are obtained by agents and account owners (money mule) are given a fixed rent or commission or lump sum for the account.

10) The transaction is done by layer-by-rate transfer. Wholesale payment / API is also used for this.

11) From intermediate account, money is sent to many sources/assets such as crypto currencies, bullion, payment account (to gain trust and hide laundering), foreign funds transfer, individual-to-person transfer, etc.

12) Examples have been seen where shell companies with dummy directors, rented MCA registration certificate, fintech companies, payment gateways, are said to have involved in the execution of financial fraud, which mostly use UPI as payment mode. The main objective of opening shell companies is to create an current account or fintech company to accept or pay income received from fraud. Most of these shell companies appear to be technology companies formed as ‘Technology Private Limited’ and most are registered with Bengaluru ROC.

13) UPI addresses are used to make layering behind the aggregators, which facilitates disposal at the end of the day.

14) The aggregator concept on the aggregator is used by these players (fraudsters) to hide their identity. The traders rode on ‘Finntech players’ (eg ABC company aboard the payment aggregator) fraud. The network of fraudsters starts creating a payment aggregator business directly in collaboration with banks or other fintech companies. The fraudsters will be sitting behind the pay-aggregator or directly as a businessman. The money payment collected by the fraudsters as a sub-aggregator and/or merchant is sent to the aggregator from where API (app)-based payment is made. After the aggregator network is established, accounts are operated to pay by fraudsters located outside India.

15) Accounting professionals, foreign nationals (Cambodia, China, Dubai, Nepal, Philippines, etc.), payment aggregators, points of sales terminal for SIM cards, etc. are also reported to be involved in such fraud.

16) Gold, crypto currencies, international money transfer by law enforcement agencies (LEA) is seen as a general closing point of fraud.

Table of Contents

Advice to the general public while using digital services

The respected customers of the bank are advised to always get contact information like bank officials, offices, branches email addresses, mobile numbers and landline number from the bank’s official website i.e. Svcbank.com.
Information available on various places/various websites cannot be updated/It may be misleading/incorrect information and it can target customers.

Mobile Banking Safety Advisor Alert

Before downloading, verify the name and publisher of the app.
Download the apps from the app store only for Google Play Store and iOS.
Verify the app permission and block the unwanted permission.
Check and verify the app notification for reality.
Keep the mobile anti-viruses and keep update and OS Keep updates.
Be careful when browsing web sites through mobile browser and advertisements.

Advice to customers for mobile banking

Secure your account, register your mobile number and get transactions related SMS alerts.
Beware of fishing attack! Fishing is a technique that is used by scamsters to get illegal. information, such as internet banking user ID and password, debit card number and ATM PIN etc.
It appears that e-mail has been sent by a bank or a well-installed organization providing online services. The content of the e-mail has been designed in such a way that the recipient has a feeling of urgency, for example–“We are advanced to make it more secure. Therefore, click on the link below and provide your internet banking user ID and password as soon as possible; otherwise your internet banking services will be inactive.” Customers from major banks around the world are targeted by such fishing e-mail.
Never respond to your internet banking password seeking email.
Never share your account number/card number/PIN/Password/OTP with anyone on phone, SMS or email. This can cause fraud. The bank never asks for such information.
If this has not been done yet, please register your mobile number for SMS alert in the bank.
In case of changing your mobile number registered for SMS alert, please inform the bank in writing immediately.
Do not write a pin number on the card or anywhere else. Please remember this.
Please change your pin/password from time to time due to security reasons.
Never share card details, PIN, CVV, OTP etc. with anyone. The bank does not ask for such information from any customer. Therefore, no information should be shared on the telephone, even if the person calling from the other end presents himself as a bank officer.
If your debit card is not working for any reason, please contact the concerned branch to issue a new card.
Please do not leave your mobile with others.
Please check the transaction alert sent by the bank through SMS and contact your branch immediately in case of any discrepancy.
Always keep your debit card safely with you.

For mobile banking users

DO:

Set the password of the mobile phone and do not tell anyone the password.
Smart phones with GPRS are sensitive to viruses, so install the latest antivirus software in the user’s mobile phone.
Download and run security updates and patch on the user’s mobile browser. This helps in protecting from known potential security problems.
Install a firewall on the mobile handset or enable it if the handset comes with a firewall.
Remove regularly stored temporary files and cash in the phone’s memory, as they may contain any sensitive information like account number.
Clean the browsing history regularly.
Instead of clicking on any link, type URL for mobile banking in mobile browser. This will ensure access to the authentic website of the bank.
Remove spam messages/mail.
Be aware of the possibility of fraud SMS messages. The bank will never request or invite customers to log on to its mobile banking service through SMS message.
Check that the safety pedallock on the Internet browser is “locked”, so that the connection is safe and preserved by SSL. The user should also check that the URL starts with https’ and not with ‘http’.
Avoid transactions or applications in public places. This helps reduce the risk of safety hazards such as “shoulder surfing” of mobile banking credentials.
Keep mobile handsets in auto lock mode to provide additional protection.
Monitor your account regularly and always keep a record of user transactions.
When using Wi-Fi access, ensure that adequate safety measures have been applied to protect the mobile handset from the attacks of viruses and other Wi-Fi users.
Turn off the Bluetooth function of the handset if not used. It prevents virus attacks.

Do not do:

Do not share mobile banking credentials (user ID, password) with anyone.
Do not share mobile handsets with incredible people to restrict unauthorized access.
Do not allow others to reach your mobile phone before logging out of sites (banking/financial/shopping).
Beware of online offers that require an account details for ‘verification’. Do not disclose any information related to the account like password, account number etc.
Do not leave the mobile banking application session without looking. Always sign off with one session.
Do not follow any URL in such messages that the user is not sure.
Do not download any file from any site (eg application, games, pictures, music etc.) or any email attachment that you are not sure.
Do not download any software from the website without confirming the safety and privacy facilities.
Do not log on to mobile banking applications from mobile handsets shared with other people, as it can be difficult to ensure that the handset is free from hackers or spyware.
Do not save user ID, password in the T9 dictionary of the phone. This helps in reducing the risk arising in the event of a mobile phone being lost or stolen.

Advice to customers when using internet banking services is safe and convenient, provided you take some simple precautions

Please make sure you follow the advice below:

Go directly to our internet banking site. Avoid reaching the site via any other site or email and verify the domain name displayed to avoid fake websites.
ignore any e-mail seeking your password or PIN and inform us to check it. Neither the police nor we will ever contact you and ask you to ask for information about your online banking or payment card pin or password.
We advise you not to use cyber cafes/shared PCs to reach our internet banking site.
We recommend you to update your PC regularly with the latest anti-virus and spyware software. You can install safety programs for safety from hackers, virus attacks or malicious ‘Trojan Horse’ program. It is recommended to install a suitable firewall in the computer to protect your PC and its content from outsiders on the Internet.
Disable the ‘file and printing sharing’ facility on your operating system.
Log off your PC if not used.
Do not store your ID/PIN in Internet Explorer browser.
Check your account and transaction history regularly.
Follow our advice – Our websites are usually a good place to get support and guidance about staying safe online.

Advice to the customer while using ATM card / debit cards

Always keep the card with you.
If you have lost your debit card, to avoid misuse of the card by someone, inform immediately via SMS on 9820620454 to host the user card.
Cut the card issuer and cut off any unwanted or expired card by cutting the card and unwanted or expired card into at least two pieces.
It is recommended that small details should be prepared regularly for matching/checking of transactions.

Suggestion while handling PIN

Please sure when receiving PIN make sure that envelopes and safety documents have not been tampered with. In case of molestation, contact the base branch immediately and do not use the pin.
Do not keep the pin with a card. Always remember the pin and destroy the pin meller.
Change ATM/Debit Card PIN through SVC ATM as soon as it is first used.
Change the PIN number repeatedly or when it feels that it is tampered with.
Do not choose a pin that is clearly associated with the user – such as telephone number, birthday, road number or popular sequence number (1111, 1234 etc.). Choose a random combination of numbers.
Never write or record the user PIN or other safety information on a card or by others to accessible places.
Do not tell any security information on the user’s PIN or card to anyone. Neither the bank nor any authorized agency will ever ask you to reveal your PIN. In case of any such incident, please note the details of the caller and report to the nearest branch for appropriate action.

Precautions when using the card for Point of Sale (POS)

Always ensure that the card is swipe only in your presence while paying on POS.
PIN or no safety information does not share details related to anyone.
Always check the debit card while returning after shopping.
Ur a copy of the receipt and keep it with you until the account details are checked.

Precautions when using the card at ATMs

Do not make any transactions at the ATM if you find the surrounding environment suspicious. Keep an eye on suspicious equipment on ATM or PIN pad.
Do not accept help from strangers/guards and never allow yourself to be distracted.
Always make sure while doing transactions that no one is present around the ATM machine.
If there is anything unusual in the ATM machine, or there are signs of machine tampering, do not use the ATM machine and report to the bank immediately.
Use your body to block the view of user transactions. Especially while entering PIN and withdrawing cash.
Do not throw out the receipts and short details or remaining inquiry slips with important information. Every time the user does ATM transactions, they get a receipt. To tear the user’s cash machine receipt, mini-statement or balance inquiry while disposing of it or it would be better to make it pieces.
Remember to withdraw your card after completing the transaction.
If the ATM machine does not return the card, the user should immediately report its loss to the bank/branch on the numbers displayed in the SVC ATM.

Safety measures when using the Internet/Debit Card for online shopping/ecommerce transactions

Ensure the website address before using the website for online shopping. Always type the website address in the address bar or bookmark the websites used frequently.
Never enter, confirm or update details related to net banking/card in pop-up window.
Shop only from safe and iconic websites – make sure the safety icon, locked pedallock or unbroken key symbol, is visible to the right below the web browser window before sending your card details.
Click on the safety icon to ensure that the retailer has a valid encryption certificate – the address given on this certificate should suit the address given on the address bandage. In the certificate, the identity of the website should be ensured and the validity of the date of the current day should be within the validity date.
Users should not answer such online offers in which “for verification” user account details are required.
Users should have complete knowledge about any payment commitment they are made, including instructions for a series of single payments or payments.
Transactions of utility payments are advised to save receipts on their hard disk, which should also be printed. In case of mismatch with internet transaction history, it may be referred to or the bill already paid may be visible in the next billing cycle.
To get alert of specific transactions made through internet banking/debit cards, the user should register for SMS alert through ATM/branch.
On shopping using safe connections, the introduction of the internet address of the retailer will turn from ‘http’ to ‘https’.
The user should use only reliable sites, for example the sites that the user knows or who have been recommended to the user or on which the trust logo.
Avoid signing up for junk mail – as a result, pre -filled applications can be sent to a address.
If the user has any doubt in giving the user card details, find another method of payment.
Keep password secret. Before purchasing in some online stores, the user may be required to register through the user name and password. The online password, which also includes the verified password by the user issuer, should be kept secret from the external sides in the same way the user protects the user card pin. Keep login information safe and secret.
Never send information about payment through email. Information traveling on the Internet (eg email) is not completely safe from being read by outside aspects. The most reputable traders use sites using encryption techniques that will prevent the user’s personal data from being accessed by others as the user makes online transactions.
Never click on hyperlinks in e-mail. If you are sure that the company is real then type the URL directly to the Internet browser address bar, or call the company on the contact number already verified or real.
Do not allow websites or traders to store card information. The exchange of encrypted transactions would be better than allowing storage of identification information on the data base.

Read Also:

1523000cookie-checkCyber Crime / Part -Time Job / Pongi Scheme Scam Through Fraud / Investment

Name	Domain	Purpose	Expiry	Type
_ga	altechbloggers.com	Google Universal Analytics long-time unique user tracking identifier.	2 years	HTTP
IDE	doubleclick.net	Google advertising cookie used for user tracking and ad targeting purposes.	2 years	HTTP

Name	Domain	Purpose	Expiry	Type
_ga_GSZLHBGB35	altechbloggers.com	---	2 years	---
jetpack_post_subscribe_modal_dismissed	www.altechbloggers.com	---	1 days	---