Featured Articles

 Extract from BOI cyber caution notes

www.cybercrime.gov.in OR call on 1930.

Best Practices
1. Think before you click. Fight the phish. Don’t get phished.
2. Review your bank statements and transaction history regularly to spot any unauthorized transactions. 3. Protect your device with a strong PIN/Password or Biometrics and enable auto lock setting in mobile phones/ Laptops/ other devices.
4. Keep your system and Antivirus up-to-date with regular patches. Use authorized and licensed software only.
5. Don’t share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.
6. Don’t use the same password in multiple services/websites/apps.
7. Regularly clear browser history/cookies/cached memory after confidential activities/transactions.
8. Download Apps from official app stores. Before downloading an App, check the popularity of the app and read the user reviews. Observe caution before downloading any app, which has a bad reputation or less user base, etc.
9. Keep the GPS, bluetooth, NFC and other sensors disabled on your computers and mobile phones, when not required.
10. Don’t share system passwords or printer passcode or Wi-Fi passwords with any unauthorized person.
11. Scan USB device with Antivirus/Endpoint Protection before its use. Disable USB devices if not needed.
12. Be wary of fake advertisements/sponsored contents on search results or websites.
13. Be cautious of public Wi-Fi. Information shared over public network may be misused. Do not use any public computer or Wi-Fi for carrying out financial transactions or do online shopping.
14. Be cautious before revealing your location over internet. Be Vigilant, Not a Victim.
15. Always use Multi Factor Authentication for social media accounts.
16. Immediately, change password which might have been shared or compromised.

Phishing is an unethical way of stealing confidential, personal,
professional & financial data through fake emails and links.
MODUS OPERANDI:
- Lucrative offers difficult to be true.
- Urgent/threatening language.
- Strange or abrupt business requests.
- Requests to install some App / click on unfamiliar hyperlinks or attachments.
- Requests to share Money / Banking credentials / personal information.
- Spelling errors and poor grammar.
- Sender’s e-mail address doesn’t match, the display name of sender.
PRECAUTIONS:
- Avoid clicking on any links or replying, rather just delete the email.
- Block the sender.
- Never install any App through link shared via E-Mail or SMS Link.
- Don’t Share OTP / PIN / Passwords to Anyone.

Screen Sharing
MODUS OPERANDI:
- Fraudsters trick the customer to download a screen sharing app.
- Using such app, the fraudsters can watch/ control the customer’s mobile/laptop
and gain access to the financial credentials of the customer.
- Fraudsters use this information to carry out unauthorized transfer of funds or
make payments using the customer’s Internet banking/payment apps.
PRECAUTIONS:
- If your device faces any technical glitch and you need to download any screen
sharing app, deactivate/log out of all payment related apps from your device.
- Download such apps only when you are advised through the official Toll-free
number of the company as appearing in its official website. Do not download such
apps in case an executive of the company contacts you through his/her personal
contact number.
- As soon as the work is completed, ensure that the screen sharing app is removed
from your device.

UPI Request Money Fraud
MODUS OPERANDI:
- Use UPI app’s “request money” feature.
- Persuade you to enter your UPI PIN.
- Your money ends up in the scammer’s account.
PRECAUTIONS:
- To avoid Request money scam, always remember followings points:
- While receiving money, UPI PIN is not required.
- Your UPI PIN is only required when you make the payment.
- If you receive a fake money request, refuse it and report it as fraud attempt on Govt. portal given below.
- Never pay advance money without verifying the identity of the person.
- On platforms like OLX, Quikr, and others:-  Do not pay a vendor in advance.
-  Always pay for your purchases, when they are delivered to you.

Job Offer Scams
MODUS OPERANDI:
- Fraudsters use text messages to entice victims with part-time jobs.
- Victims who join a chat group are given simple prepaid tasks and an initial payment.
- They are then presented with a fake high-return investment plan, leading to small initial investments.
- As minor profits roll in, victims are manipulated into larger investments.
- When victims attempt to withdraw funds, the platform requests payments for withdrawal fees.
- Fearful of financial loss, victims pay these fees, only to discover that the platform crashes, taking all their money. This is how the scam reveals itself.
PRECAUTIONS:
- Be alert on job offers with high pay for minimal effort qualifications or guaranteed employment.
- Thoroughly investigate any potential employer by checking their official website, address, and contact details.
- Exercise caution with emails or texts from unknown companies, as scammers might use them to collect  personal information.
- Don’t share sensitive data like bank details, or IDs on initial job applications.
- Legitimate employers won’t request upfront payments, like fees for background checks or training.
- Be suspicious of any such requests.

Ransomware Threats
MODUS OPERANDI:
- Threat actors send emails with malicious links or attachments disguised as legitimate files (e.g., PDFs, Office documents). They also use malicious advertisements on legitimate websites which redirect victims to websites hosting ransomware.
- Once executed on a system, ransomware starts encrypting files using strong encryption algorithms. Encrypted files become inaccessible to the victim, who receives a ransom note demanding payment in cryptocurrency (e.g., Bitcoin) to decrypt files.
- Fraudsters further instruct to pay the ransom and often threaten to delete files or sell it on dark-web.
- Paying the ransom does not guarantee file recovery or removal of malware, and this encourage further attacks.
PRECAUTIONS:
- Ensure regular back up of important files to an external hard drives, tapes, or cloud storage service.
- Regularly update operating system, antivirus software, and applications from legitimate OEM websites to protect against vulnerabilities.
- Avoid opening attachments or clicking on links in emails from unknown or dubious senders.
- Install licensed and effective antivirus software and keep it up to date to detect and block ransomware and other malware threats.
- Learn to recognize phishing attempts, where attackers attempt to trick you for revealing sensitive information or installing malware.
- Install software and files from trusted sources only. Verify the authenticity of websites before downloading anything.

QR Code Scams
MODUS OPERANDI:
- Fraudsters often contact customers under various pretexts and trick them into scanning Quick Response (QR) codes using the apps on the customer’s phone.
- By scanning such QR codes, customers may unknowingly authorize the payment to fraudsters account.
PRECAUTIONS:
- Be cautious while scanning QR code/s using any payment app. QR codes have account details embedded in them to transfer money to a particular account, check it before authorizing the payment.
- Never scan any QR code for receiving money. Transactions involving receipt of money do not require scanning barcodes / QR codes or entering mobile banking PIN (m-PIN), passwords, etc.
- If you use UPI mobile app, ensure to secure it with a code.
- Never share your UPI ID or bank account details with people whom you do not know.
- Never share OTPs with anyone.

Investment Scams
MODUS OPERANDI:
- Fraudsters lure people by promising for quick and high returns.
- They persuade you to invest money in such schemes, which actually are Investment scheme scams.
- They offer money against simple jobs i.e. like the YouTube videos shared via links to earn money.
- Fraudster gives you high profits in first few days to gain your trust and adds you in a fake Whatsapp /Telegram group. showcasing false profits made by others.
- Then they slowly pressurize you to invest more money.
- As you sufficiently invest more money, fraudster asks extra fees from you to withdraw your profit.
- They disappear in between, leaving you with no money.
PRECAUTIONS:
- Do Your Research: Before investing in any scheme, check thoroughly about the company and person offering the opportunity. Look for any warnings from regulators on that company, application, personnel etc.
- Verify Credentials: Make sure that the person/company is having license and duly registered.
- Avoid Hasty Decisions: Don’t rush into making decision and invest money. Legitimate
investment schemes will provide you sufficient time to think and consult.

AePS Frauds
Guard Your Biometrics: Outsmart AePS Fraud Tactics
MODUS OPERANDI:
- Cybercriminals use Aadhaar numbers and other information obtained from various sources such as scanned copies and digital records.
- By using dummy fingers (silicone fingers) that contain impressions of your fingerprints and unauthorized biometric devices, they gain access to your bank accounts.
- Once successfully authenticated, they transfer money from the bank account using the dummy fingers and immediately withdraw the money.
PRECAUTIONS:
- Regularly check your bank statement.
- Be careful while sharing Aadhaar details.
- Always try to use a masked Aadhaar/ DigiLocker instead of an Aadhaar card.
- Lock Aadhaar and biometrics via the m-Aadhaar application or https://uidai.gov.in/ and unlock them as and when required.
- Register your AePS fraud complaint on https://www.npci.org.in/register-a-complaint

Digital House Arrest
MODUS OPERANDI:
- Fraudsters set up a fake police station with actors posing as officers. They create a convincing background to appear legitimate during video calls.
- Victims receive video calls from these officers who present fabricated charges with arrest warrants.
- To avoid digital arrest or legal action, the victims are coerced into transferring money to the fraudsters accounts.
PRECAUTIONS:
- Always verify the identity of the caller independently. Contact the relevant law enforcement agency directly using official contact details.
- Never provide personal or financial information over the phone or video call unless you are certain of the caller’s identity.
- If you suspect a scam, report it to local cyber police authorities immediately.
- Report fraudulent communication on Chakshu Portal https://sancharsaathi.gov.in/sfc/

Deep fake AI-powered Vishing Attacks
Attackers impersonate familiar voices to trick you into revealing personal information or sending money to them.
MODUS OPERANDI:
- Fraudster pretend to be from government agencies, banks, or even your known persons by using Deepfake Al to mimic their voice.
- They create urgency and pressure, to manipulate you to take quick decisions.
- They often sight emergencies, legal issues, financial problems, or reputational harm, urging you to act fast without thinking clearly.
PRECAUTIONS:
- Never share personal information or transfer money hastily without verifying caller identity through official channels like helpdesk numbers on official websites etc.
- Be wary of urgency tactics, take your time to verify the situation before making a decision. Discuss with your well-wishers / other persons having exposure to referenced agencies.
- Be cautious with unknown calls and messages. Don’t click on suspicious links or attachments received on Emails and SMSs.

Extracted from : https://bankofindia.co.in/documents/20121/408538/BOI_CYBER_STAR-2024.pdf