
Thursday, April 18, 2013

How to steer clear of technology-led fraud!

There are thousands and thousands of incidents to show how technology is being used to commit fraud these days. In fact, no one can deny that information technology (IT) has become indispensable today. But the pervasiveness of IT has also given rise to concerns over privacy and data protection. Instances of technology-led fraud are affecting individuals and businesses alike, giving rise to concerns regarding the adoption of technology in day-to-day activities as well as critical business functions. From ATMs to mobile phones to emails, nothing is safe from fraud these days.

So what is going on, and what is the way out? "Advancement in the field of technology has led to an increase in fraud. Technology-led fraud is on the rise due to the ease and high availability of technology such as high-end computers, smartphones, peripheral devices, and high-speed internet," says Arpinder Singh, Partner & National Director - Fraud Investigation & Dispute Services (FIDS), Ernst & Young.

In fact, technology has become an essential part of our lives, and most of our daily activities include (a) interacting with family and friends over phone/chat, (b) social networking, (c) online bill payments and fund transfer/online investments, (d) entertainment, and (e) official work. 

Additionally, with the vast variety of gadgets to handle, it becomes difficult to control and manage the information and vulnerabilities associated with these devices. On average, a professional would be handling up to 10 or more devices (2 smartphones, a tablet, 2 laptops (home/office), hard drives, pen drives, memory sticks, cameras, gaming consoles, multimedia hard drives etc.).

Needless to say, all this sounds scary. However, if we are using technology in our day-to-day life, then we also need to know how such frauds are usually committed and how to steer clear of them.

Here we take a look at some of the modalities of technology-led fraud.

SOCIAL ENGINEERING 

Social engineering takes place when people are manipulated into divulging confidential information or performing actions for others who aren't authorized to do them. Social engineering is performed for the purpose of information gathering, fraud or unauthorized access to computer systems and confidential data. 

Examples of social engineering 

An unknown fellow commuter asking you for details about your work / personal life

Fraudulent interview calls / foreign job offers

Emails received from unknown / hacked email accounts that contain fraudulent links or attachments

INTERNET SCAMS 

Internet users get a lot of scam emails which look like the following: 

"You have won a prize... please send us xxx amount as shipping charges to send you your prize" 

"Congratulations! You are our lucky draw winner... kindly give your account details so we can transfer your reward money" 

"You need to update / verify your personal information... click on the link below..." 

"Please donate for my ailing daughter who has to go through an expensive cancer operation." 

These are a few of the ways fraudsters trick you into providing your personal / banking details, or lure you with a gift / travel coupon / movie ticket etc. so that you transfer money to them.

"Fraudulent links in emails direct you to phishing sites that ask you to enter your personal information / user ID / password or other details. Email attachments or counterfeit software available on the internet contain malicious content that is capable of causing harm to your system or capturing sensitive information from your system in stealth mode and sending it to fraudsters," says Singh.

TELEPHONE 

You may get calls from tele-executives claiming to be from a certain company, calling to help you with a security fix on your system or to verify certain details about you, or from a charitable trust asking you to donate money for people in need.

Examples 

1. Telephonic technical support scams 

Cybercriminals may call you on the telephone and claim to be from a technical support team. They might offer to help solve your computer problems by taking remote access to your computer. Once they have access to your computer, they can do the following:

Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. 

Adjust security settings of your computer to leave your computer vulnerable. 

Request credit card information so they can bill you for telephone support services. 

Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there. 

2. Fraudulent interview call letter

You may get fraudulent job emails saying that you have been shortlisted / selected for a job. However, you have to transfer some amount to an account so that they can arrange for your travel and accommodation.

3. Scareware

Scareware is a tactic frequently used by fraudsters that involves convincing users that a virus has infected their computer, then suggesting that they download / buy fake antivirus software to remove it. The fake antivirus is often malware that can harm your system.

Scareware can attack you in any combination of the following ways:

Accessing your credit card: scareware will deceive you into paying money for fake antivirus software.

Identity theft: scareware will surreptitiously invade your computer and attempt to record your keystrokes and banking / personal information.

'Zombie' your computer: scareware will attempt to take remote control of your machine to serve as a spam-sending zombie robot.

HOW TO PREVENT TECH FRAUD 

Now that we know the tricks fraudsters use, we must also learn how to prevent technology-led fraud.

"The best way to fight fraud is to learn how to avoid it. Education is the answer to prevent one from being a victim of technology-led fraud. Hence one should be informed of the various methods used by fraudsters to conduct fraud and always exercise precaution while dealing with technology," says Jaju.

To avoid Internet fraud 

Ensure internet/wireless access at home and office is secure and configured by an expert to prevent any hacking attempt on an endpoint (workstation, smartphone, tablet, laptop, gaming console, multimedia hard drive etc.).

Install security and scanning software on your computer to protect it from online hacking.

Avoid using shared terminals for internet banking. 

Do not use your name, date of birth, address or any other personal information for passwords. These passwords are easily cracked by hackers. Also, do not use a dictionary word, as there are hacking programs that will attempt every word in the dictionary.

A complex password that combines letters (lower case and upper case), numbers, symbols etc. and has a minimum of 8 characters is advisable. Change your password regularly.

For internet account recovery options, use phone verification and/or a security question. Be sure the answer to the security question is not known to anyone.

Never disclose personal information in response to an email. 

Do not open email attachments received from unknown email IDs. 

If you are concerned about an email you receive from a company, contact that company by phone to verify the information. If there is a web link provided in the email, type it directly into your browser instead of using the link or copying and pasting it, as some links can be redirected to other sites. 

When giving personal information over a website, check to make sure that site is secure. Look at the first part of the web address in your browser. It should be prefixed by "https://" and not "http://". 

Regularly check your credit card and bank statements and keep track of your transactions. Also, log into your online accounts frequently. This way, you will be able to notice any changes to your account soon after they happen.

Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer. 
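The two link checks from the tips above (does a link really go where its text says, and does it use https), applied to an HTML email body. This is an added Python example, not part of the original article; the sample message and its .example host names are constructed, and check_links is a hypothetical helper name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body (not a real message); *.example hosts are placeholders.
SAMPLE_EMAIL = """
<a href="http://login.phish.example/verify">https://www.bank.example/verify</a>
<a href="https://www.bank.example/help">Help centre</a>
<a href="https://bank.example.evil.example/login">bank.example</a>
"""
# A host name written in the visible link text, with or without a scheme.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    # Collects [href, visible text] for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def _norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def check_links(html):
    """Return (href, [reasons]) for each link failing the https or destination check."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = _norm(url.hostname or "")
        reasons = [] if url.scheme == "https" else ["not https"]
        shown = DOMAIN_RE.search(text)
        if shown:
            shown_host = _norm(shown.group(1))
            # The real host must be the shown domain or a subdomain of it.
            if host != shown_host and not host.endswith("." + shown_host):
                reasons.append(f"text shows {shown_host}, link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings
```

The third sample link passes the https check yet is still flagged, because its real host only begins with the bank's name.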

To avoid telephonic fraud 

If you get a call on behalf of a bank for the purpose of verification of account details, ask them their full name, designation and the department in which they work, what details they need and why. Chances are it is a genuine verification call. However, if they ask you for confidential information, then hang up immediately (most banks never ask for personal information on the phone).

Call back the bank on the number provided on their website and confirm with them if any such verification was initiated by them. If not, inform them of the call you received.

If you get a call from an unknown person claiming that your family member / friend is in trouble and needs money, disconnect the call and call your family member / friend directly or call a common friend to confirm.

Do not entertain tele-executives who talk fast or are in a hurry to get information from you. This is a trick used by most fraudsters to put pressure on you to act in haste before you have time to think.

Ask for a written communication for the various offers provided to you on the phone.

Keep your Bluetooth connection in off mode when not required and do not accept requests from unknown devices. 

Do not jailbreak/root or hack your smartphones or tablets, or install applications from unauthorized sources (app markets such as Cydia, Installous). These applications might be bugged to steal your information.

Always ensure that you encrypt any external data source such as a hard drive, pen drive, mobile or camera memory card. Always remember to securely wipe your phone and memory card before disposing of or selling them.

Use applications and websites such as Truecaller to confirm the genuineness of a phone number.

WHAT TO DO IF YOU'RE A VICTIM 

Despite taking all these precautions, what should you do if you ever become a victim of any technology-led fraud? 

Experts suggest that, as a precaution, you should enroll your credit/debit cards with hotlisting and insurance agencies such as CPP that let you block all your debit/credit cards with one phone call. You should also inform the bank immediately to freeze your bank accounts to prevent any further financial damage.

Additionally, you should report the incidents immediately to the Cyber Crime Investigation cell. A list of Cyber Crime cells in India is available at the following link:

http://cybercrimecomplaints.com/cyber-crime-cells-india 

"You should also immediately disconnect internet access to any compromised or possibly compromised devices to prevent any further exploitation and data leakage," says Singh. 

If followed carefully, these simple tips may, to a large extent, help you avoid being a victim of any technology-led fraud.

Source: The Economic Times