As our nation takes a leap towards digitization, the Internet becomes an integral part of our daily activity. But the boon of the Internet also poses some threats – cyber threats – a common threat for individuals, enterprises or anything that exists on the Internet.
We, at Ujjivan Small Finance Bank, acknowledge the crisis and resolve to provide optimal security to your data and transactions. We also feel that your active involvement in knowing more about cyber threats or scams is equally important for the safety of your money.
You are your first line of defence against Internet fraud. You can safeguard your information from cyber threats by embracing safe practices while you are on the Internet, which is almost all the time. Also, being aware of the threats empowers you to become more cautious.
So, let’s get to know about cyber threats in detail and also about some common scams that robbed many people of their money.
The system of internet-connected devices is called the 'cyberspace', and any attempt to disrupt, damage, or deceive any entity via the cyberspace is known as a 'cyber threat'.
Hackers or cyber criminals try to steal vital information related to an individual, or an enterprise, using various methods and modus operandi. This psychological manipulation of people into performing actions or divulging confidential information is called 'social engineering'.
Phishing/ Social Engineering Attack:
Perpetrators use human interaction or psychological manipulation to obtain information about an individual, or an enterprise, from its systems that are connected to the Internet.
Through Social Engineering, the hacker tries to steal your vital information by manipulating you or by playing psychological tricks. They can try persuading you to make a payment or visit a fake website. Also, they push you to give away your account information by presenting fake scenarios.
Social Engineering is a broad category, with Phishing as one of its types.
In Phishing, an attacker or hacker uses emails as his/ her tool for deception. You, the victim, receive an email with hyperlinks that redirect you to a malicious website, often a dummy of the official website of a bank or a trusted organisation. The attacker seeks information via email, and when you respond with the data, the hacker misuses it to siphon money from your bank account.
Preventing a Phishing Attack
In case of a suspicious email, you should try to verify the sender's identity with the company or the organisation. Move your computer cursor over the link and see what it shows. If the displayed link differs from the written link, do not click on it.
Tips to avoid Phishing:
- You should check for any dissimilarity between the sender's email address and the Bank's actual web address (domain – the part after the ‘@’ sign)
- You should look for grammatical mistakes, misspellings, and formatting errors. An official email from us will always be professionally worded
- You should not click on any suspicious link
What is Vishing/ Whishing?
When Phishing attacks are carried out using voice communication (phone calls), it is called Vishing or Whishing. In this kind of fraud, an attacker calls you primarily using VoIP (Voice over Internet Protocol) to hide or spoof their ID. Sometimes, the hackers may try to pressurize you by presenting an urgent scenario, manipulating you to give away vital information or act in haste.
Tips to avoid Vishing/ Whishing:
- Ignore any calls you receive from individuals claiming to be someone from the Bank, and asking for passwords, OTP, or card/ account details
- You can block the number and immediately report the call to the local police station and to us on 1800 208 2121
- Do not panic under such circumstances
The modus operandi of a Smishing attack is like a Phishing attack; the only difference is that it is carried out using text messages or SMS.
Tips to avoid Smishing:
- Ignore any text message you receive from a stranger, claiming to be someone from the Bank, asking you to call another number, or seeking your passwords, OTP, or card/ account details
- You should block the number and immediately report it to the local police station and to us on 1800 208 2121
- You should never share your passwords, OTP, or card/ account details with any person, or call back on a number, even if they claim to be from the Bank
A spoofing attack happens when a hacker/ attacker tries to obtain personal information or persuades you to make an online payment by pretending to be a legitimate/ original business entity by creating duplicate websites, email IDs, or other methods, e.g., payment gateways.
Tips to avoid Spoofing:
- If you receive a suspicious text or an email from a number or an ID that looks familiar and it asks you to perform some action or share banking credentials, call the person to confirm if it is really him/ her
- Do not make any payments or click on any link shared in such emails
- When using a payment gateway, see if the web address starts with https:// instead of http:// or look for a padlock sign at the beginning of the address bar
Card Cloning/ Skimming and Swapping
Card Cloning/ Skimming is a widespread practice for stealing money from a debit/ ATM card. Scammers attach an indistinguishable cloning tool to the ATM. Unaware of the malicious device, you swipe your card. The machine reads the magnetic stripe on the card and stores the information. The scammers obtain the PIN by setting up a camera or a special cover over the keypad of the ATM that tracks the finger movement/ fingerprints. Once they have both pieces of information, the scammers create a new card and fish the money out of your account.
There is another common method called Card Swapping. Scammers replace your original ATM/ Debit card with a dummy card and steal your money after they obtain the security PIN.
Taking precautionary measures eliminates the chances of any debit card frauds that you may face otherwise.
Tips to avoid ATM Frauds:
- Ensure that your transaction is private
- You should look for any suspicious device attached to the ATM
- Never seek help from strangers while using the ATM
- Ask your bank for a chip-based card
- You should never hand over your card to someone else/ share the ATM PIN to avoid card swapping
- You should not make payment via untrusted/ suspicious websites or payment gateways
An Image of a Debit Card without a Chip
An Image of Ujjivan Bank Debit Card with a Chip
Note: All of Ujjivan’s ATMs are equipped with Anti-Skimming machines to protect you from Skimming frauds.
Determining the Safety of a Website
When you visit a website, especially one that allows payments, look for a padlock sign on the address bar or see if the web address starts with https:// instead of http://.
You can also click on the 'padlock' sign to read the information about the security certificate and see who it has been issued to.
At Ujjivan Small Finance Bank, we take every effort to protect our systems from unauthorized access and other rapidly evolving threats by deploying award-winning, future-ready security measures. We understand ensuring cybersecurity is an on-going endeavour and, therefore, regularly invest towards upgrades and enhancements.
Despite stringent policies, and round the clock vigilance, some mishaps may happen. Therefore, to achieve enhanced security, we urge you to embrace the safety precautions and protect yourself from cyber threats:
- You should not share account-related information (like customer ID, passwords, OTP) with anyone
- Remember that the Bank or any of its employees or associates never ask for your OTP or PIN
- You should ignore suspicious emails seeking your account number/ credit card/ debit card details
- You should avoid writing the PIN on credit or debit cards/ the cover of the cards
- You should keep an eye out for skimming/ cloning tools on the ATMs
Please remember, the bank or any financial organization can only introduce policies and take security measures to ensure your safety. However, only you possess the power to prevent the frauds by being aware and not falling prey to the scams.
Ensuring Customer Security
To secure the data and information of our customers, Ujjivan Small Finance Bank has institutionalized multiple protocols and best practices. Here are some of the features that can help you differentiate official email communication from the Bank:
- We will always address our customers by name
- We will never ask you to visit external websites where you are required to enter your security information
- We always use suitable encryption and authentication mechanisms to ensure secure transactions
- We will never claim that 'your account may be closed if you fail to confirm, verify, or authenticate your personal information via email'
- We will never claim the need to confirm account information via email due to "system upgrades"
- We will never ask you to reply with any personal information
If you feel suspicious about any email that claims to be sent by the Bank, please write to us at email@example.com
Robust IT Infrastructure
Acknowledging the dynamic threat environment, we have taken multiple measures to ensure that every transaction is safe and that customers' information is not compromised at any stage. A few of these measures are:
- Implementing state-of-the-art security infrastructure to monitor potential threats, 24x7
- A comprehensive strategy, encompassing people-process-technology, is continuously reviewed in light of emerging threats
- A 24x7 Cyber Security Operations Centre that identifies potential incidents and responds to them, while recovering and learning from past incidents
- Our ‘Security Operations Centre’ embraces Artificial Intelligence, Machine Learning, Data Lake and User Behaviour Analysis
- Regular participation in cyber drills conducted by Institute of Development and Research on Banking Technology (IDRBT)
- Periodic disaster recovery drills are conducted for our technology infrastructure, to ensure the availability of critical services in the event of a disaster
- The Bank participates in meetings conducted by CISO Forum and Data Security Council of India to stay abreast with security best practices
- The Bank operates as per a well-documented Board approved Information Security Policy
Award-winning Security Policies and Practices
We have adopted an approach of continuous improvement when it comes to security. Our robust Business Continuity and Disaster Recovery plans are periodically tested to ensure that they meet any operational urgency.
Our proactive measures to ensure customer security through constant upgrades of our systems and policies have earned accolades from industry experts, winning prestigious awards such as the 'Finnoviti Awards, 2019 For Best Innovation In IT' and the 'DSCI Excellence Awards, 2018 For Security Practices In Small Finance Banks'.
RBI's Advisory on Safe Banking Practices
On 11th March 2020, the RBI Governor, Mr. Shaktikanta Das, issued an advisory titled Banking Landscape in the 21st Century. The commentary covers how the sector has unfolded in recent times, and how newer technologies are being implemented to fast-track user experience while introducing more safety features.
He said, "...Artificial Intelligence (AI), Machine Learning (ML), and Big Data are becoming central to financial services innovation. They can also help in fraud detection and in identifying better ways of monitoring the use of funds by borrowers, track suspicious transactions, etc. by processing large datasets. …".
The Governor's speech is expected to encourage Indian consumers to accept a more digital approach to the banking services as he said, "...Advanced analytics and real-time monitoring of emerging cybersecurity risks will be critical in detecting potential threats and enabling pre-emptive action."
Protect Yourself from The Fraudsters: Your First Line of Defence
Safeguarding Banking Information from Scammers
- You should never share your account/ Credit/ Debit card details with anyone
- Please keep your ATM transactions private
- You should not respond to malicious emails, SMSs, phone calls
- Please check for signs of security on the webpage while making an online payment or transacting via payment gateways
- You should do your research about any app you wish to install on your smartphone
In Case of a Fraud or a Security Breach
- In case of a phishing/ vishing/ smishing attack, you should not give away your information
- You should inform the bank as soon as possible
- In case you lose your credit/ debit card, you should ask the bank to block the same and reissue a new card
If possible, change your passwords and PIN immediately.