More and more techniques of doing frauds are being used these days by attackers. Almost everyday we hear of some sort of online scams where attackers steal data or money using unheard techniques. Social engineering plays a big role in most of these fraud attempts. Another such category of frauds is Top up Frauds where the attacker uses a phone call to steal money from the users. We shall read about top up frauds and safeguarding technique.
So.. What are Top up Frauds?
Such kind of frauds begin either with the theft of the physical card or with the compromise of data associated with the account. For this, you get a call from a person claiming to be an authorised representative from your bank or could even be claiming to be a Spicemoney representative. Sometimes the attacker already has your card info from leaked databases or perhaps he found the “secret paper” where you wrote your card details and then forgot about it. And when he doesn’t have the card details, the so called representative (attacker) lures you into revealing your card details such as your 16 digit card number, CVV, expiry date etc by telling you that you will get some kind of benifits ( e.g. more commission on transactions ) if you verify your card or link your card with Spicemoney account or bank account.
And to get those promised benifits, people share their card details. if you verify your card or link your card with Spicemoney. And to get those promised benifits, people share their card details.
And the attacker uses those details to add money to their accounts or wallets. But, even after adding those card details, he still needs to enter the OTP (one time password). So the attacker calls you again or keeps you on hold for further verification and then asks you to share the OTP. While the victim is naive enough to share that OTP expecting that he will get those promised benefits , the attacker loots out his money. Now, though, Govt has put some limit on maximum amount per transaction, attackers use this technique several times to empty the victim’s accounts.
What can you do about it?
You must safeguard your card details and learn to identify social engineering attacks. Here are few things you must take care of-
- Beware of Phishing :Phishing is a scam technique to trick consumers into revealing personal information, including credit card numbers. It can happen via email, phone or sometimes text also. Be wary of requests for personal information, regardless of the source. Always verify the legitimacy of those requesting your credit card number at your level.
- Avoid using your cards on public computer : Shared or public computers such as of cyber cafes often contain malware and keyloggers. It is very much possible that whatever you type is being recorded including your card numbers. That is why some banks provide virtual keyboard on their sites. Make a habit of using it.
- Never provide credit card information over social media.
- Never share OTPs or any other codes that you receive via SMS or email with anyone.
- Never share your cards details over call or email even if the other person claims to be a legitimate bank authority.
- Carry your cards separately from your wallet. It can minimize your losses if someone steals your wallet or purse. And carry only the card you need for that outing.
- Don’t let other people use your card. Never share your details with anyone.
- Shred unwanted documents that show your credit card number.
- Trust your instinct. If a website seems shady, don’t use it.
- Act fast when your wallet is stolen. Your first task is to cancel those credit cards.
- Monitor your financial statements. Review credit card and bank statements to make sure you recognize transactions. Using a card issuer’s smartphone app and setting up text notifications are ways to stay updated.