cyber fraud

Introduction : We have seen a spate of cyber frauds in the recent past. The frequency and scale of the incidents has created a lot of concerns for the banks, regulators and customers. What do banks in India have to learn from these? Are they doing enough to ensure that we don’t end up as sitting ducks? What preventive measures to take to face this new menace? Before we consider these and other related questions, we need to understand the anatomy of cyber frauds. Cyber Fraud is a generic term used to represent transfer of funds by a fraudster (usually a well connected gang opening across borders) using the login credentials of a victim. The login credentials are obtained through phishing attacks or by using social engineering techniques.

How Cyber Frauds occur?: Frauds in manual payment system were mainly related to tampering of cheques or presentation of fraudulent cheques. These were detectable on close examination at bank level. However, in an e-payment scenario, funds are disbursed on genuine but stolen identities by the fraudsters. The establishment of liability in such cases has become an uphill task. The steps followed for a Cyber Fraud are as:

1. Malware coder writes malicious software to exploit a computer vulnerability and installs a Trojan
2. Victim gets infected with credential-stealing malware
3. Banking credentials are siphoned
4. Hacker retrieves the banking credentials of the victim
5. Remote access to compromised computer
6. Hacker logs into victim’s online bank account and the funds are transferred usually to accounts in the name of fictious persons and then withdrawn as soon as the credit hits.
7. Then there are unsuspecting money mules lured by prospects of easy money
8. This money is then transferred from mule to organizers

Preventive Measures:

• Strengthening security control: Security controls are more important as it involves the usage of technology. The customers should be authenticated, verified and their identities