Social Engineering causing majority of cyber frauds, Manish Agrawal, Head – Credit Intelligence and Control, HDFC Bank
70-80 percent or even more of cyber frauds are happening through social engineering tactics, where the modus operandi is through Greed, Threat, Help (GTH) mechanism
HDFC Bank recently concluded its second analysis on cyber frauds in India for the assessment of year 2021 and gave the outlook for 2022. Some of the quick highlights busts few myths about cyber frauds.
A fraud dispute time analysis by HDFC Bank reveals that 65-70 percent of cyber frauds now happen between 7.00 AM and 7.00 PM, contrary to the perception that frauds happen only in the middle of the night.
HDFC Bank’s study further reveals that 80-85% of the affected customers are in the age group 22-50, who supposedly belonged to the more tech savvy age bracket. It’s usually presumed that only the elderly get defrauded
70-80 percent or even more of cyber frauds are happening through social engineering tactics, where the modus operandi is through Greed, Threat, Help (GTH) mechanism. “It’s not about the system vulnerabilities or exploitation but it is always about the social engineering tactics,” says Manish Agrawal, Head Credit Intelligence and Control, HDFC Bank.
A major eye-opener from the analysis is the vulnerability of the young population falling prey to cyber frauds. They are being tricked by social engineering techniques because of not paying enough cognizance to basic hygiene while conducting banking transactions on digital channels.
Fraudsters adopt the GTH formula
The script to defraud the customer is written around Greed, Threat, Help (GTH). The scenarios are built to entice the customer towards making them to believe a false offer and then entrap : “you have won a lottery, prize, etc; we will get a job for you; matrimonial frauds; gifts lying at the airport awaiting duty payment and clearance, etc.” These are all examples of Greed.
The customers are threatened to provide personal details, in the absence of which the bank account will be closed or the card will be blocked / the mobile services will be discontinued, etc.
Finally, ‘Help’. In the corona period, there were instances of calls made to customers who were seeking oxygen cylinders. They are made to pay before the services are provided, which they willingly do because of the dire requirement and then get duped. These are the examples of the citizens being pushed to trap themselves.
The digital transactions also have a pull mechanism whereby the customers self-trap themselves by attracting the fraudsters towards them. For example, people posting a sell advertisement of their vehicles on various digital platforms. The buyer in this case will ask the seller to authenticate the link shared by him (with the UPI PIN) to receive the payment and thus the fraud happens. The reality is that a customer has to never authenticate for receiving money.
Awareness is the key
The digital transaction security awareness should begin at the house level, “Every house should have one evangelist who regularly nudges the family members to follow the hygiene rules while conducting digital transactions,” suggests Agrawal.
The HDFC Bank is also running a campaign across the country to make citizens and children aware about how to safely conduct digital transactions. The bank is organizing 2000 secure banking workshops to create awareness about digital frauds.
In fact, as of November 2021, the bank has already covered 99 cities/towns across India through these workshops; 23 of these workshops were conducted in tier II-IV cities; 137 workshops across schools/colleges covering over 10000 students to inculcate early safe banking habits.
Card-on-file (CoF) tokenisation to be introduced from January 2022
The citizens should embrace all the latest digital transaction safety features allowed and facilitated by RBI. The RBI in September 2021 allowed companies to provide Card-on-file (CoF) tokenisation to enhance the security of card transactions.This will come into effect from January 1, 2022.
The CoF tokenisation basically allows customers doing digital transactions to convert their card details into a 16 digit token number, which will prevent the hackers or fraudsters from misusing the data even if it’s hacked. As it will be difficult for them to decipher the card details from the token number. “At the ecosystem level, the RBI is putting in a lot of controls and i think it’s phenomenal and the customers should make sure they adopt these measures for securing their digital transactions,” feels Agrawal.
In the case of HDFC Bank’s card customers, effective January 1, 2022, the HDFC Bank card details saved on merchant website/app will get deleted by the merchants as per the RBI mandate for enhanced card security. To pay each time, the customers will have to enter full card details or opt for tokenisation.
India has one of the highest percentage of real time settlement in the world. This further enhances the need for the country to guard the digital transactions space.