Safe Banking Tips

Tips for safe and secure UPI/Mobile Banking transactions:

  • Ensure the app is downloaded from trusted sources. Just because the name of an app resembles the name of the bank, don’t assume it is the official Vijaya Bank app. It could be a fraudulent app designed to trick users into believing the service is legitimate.
  • Do not modify the mobile phone’s core configuration, which is technically called jailbreaking or rooting the device. It will make your mobile phone susceptible to infection by a virus, Trojan, or other malware.
  • Be alert to changes in your mobile phone’s performance. If you download any new applications and your mobile phone starts performing differently (for example, responding slowly to commands or draining its battery faster), that could be a sign that malicious code is present on your mobile phone.
  • Monitor your financial records and accounts on a regular basis. Use electronic account alerts, sent to your email or mobile device, to be notified of account activity. Regularly review your statements with online banking. This will enable you to spot any suspicious activity.
  • Vijaya Bank will never ask for your password under any circumstances. Do not tell your password to others under any circumstances (including mobile phone support operators or mobile phone sales representatives etc.). Fraudsters will try to obtain mobile banking passwords by e-mail, letter, or phone calls, asking for your mobile banking account number, username, password, and other important information. If you have any doubts, please contact Vijaya Bank customer care.
  • Use strong passwords that are not easily guessable. They should be composed of numbers, letters (upper case and lower case) and special characters.
  • It is good practice to change your mobile banking password regularly.
  • Do not lend your phone to others while the mobile banking function is open. This helps prevent misuse and deters others from spying on your personal information.
  • Don’t use your device in an unsecured Wi-Fi network or in a public place.
  • Don’t send account numbers or other sensitive information through regular e-mails or text messages because those are not necessarily secure.
  • Password protect your mobile device and lock your device when it’s not in use. Keep your mobile device in a safe location.
  • Delete text messages from your financial institution on your mobile device, especially if they contain sensitive information.
  • If you change your mobile number, immediately contact Vijaya Bank to change the details of your mobile banking profile. You should also take additional precautions in case your device is lost or stolen. Check with your wireless provider in advance to find out about features that enable you to remotely erase content or turn off access to your device or account if lost or stolen.
  • Install mobile security software on your mobile phone.

Best Practices for Users & customers to mitigate risks related to micro ATM:
1.    Before using a Micro ATM, please ensure that there are no strange objects in the insertion panel of the ATM (to avoid skimming).
2.    Cover the PIN pad while entering PIN. Destroy the transaction receipts securely after reviewing.
3.    Change ATM PIN on a regular basis.
4.    Keep a close eye on bank statements, and dispute any unauthorized changes or withdrawals immediately.
5.    Shred anything that has a credit card number written on it (bills etc.).
6.    Notify credit/debit card issuers in advance of a change of address.
7.    Do not accept a card received directly from the bank if it is damaged or its seal is open.
8.    Do not write PIN number on credit/debit card.
9.    Do not disclose Credit Number/ATM PIN to anyone.
10.    Do not hand over the card to anyone, even if he/she claims to represent the Bank.
11.    Do not get carried away by strangers who try to help you use the Micro ATM machine.
12.    Do not transfer or share account details with unknown/non validated source.
13.    In case of any suspected transactions or loss of cards, contact the service provider/ bank immediately.

Do’s and Don’ts for the reported Gooligan malware on Android mobiles:
1.    Do not download and install applications from untrusted sources. Install applications downloaded from reputed application markets only.
2.    Do not click on banners, pop-ups or ad notifications.
3.    Turn on 2-factor authentication for your Google / other account.
4.    Run a full system scan on device with mobile security solution or mobile antivirus solution.
5.    Check for the permissions required by an application before installing.
6.    Exercise caution when clicking links while visiting trusted or untrusted sites.
7.    Install Android updates and patches as and when available from Android device vendors. Install and maintain an updated mobile security / antivirus solution.
8.    Users are advised to use the device encryption or external SD card encryption feature available with most Android OS versions.
9.    Users are advised to keep an eye on Data Usage and unusual increase in mobile bills.
10.    Use Android Device Manager to locate, remotely lock or erase your device.
11.    Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications.

Countermeasures on Suspected mobiles:
1.    Scan the suspected device with antivirus solutions to detect and clean infections.
2.    Disable the account synchronization option in the infected device.
3.    Log out of all the synchronized accounts such as Gmail, Facebook etc. and change their passwords using a clean system. Users should enable a 2-factor authentication mechanism for additional security.
4.    Try to clean the infection using the factory reset option; if that does not work, re-flash the firmware to install a fresh operating system on the mobile device. Before re-flashing, take a backup of your important information such as contacts, messages, images etc. to an external device.
5.    Perform re-flashing of all other devices for which these accounts are synchronized.

 


SMiShing-Phishing through SMS – a Social Engineering technique

Many people assume mobile phones are safe, and don’t realize that malware and phishing attacks are also a concern for mobile devices. Text messaging is one of the most common features used on mobile phones. There are billions of text messages received around the world each day, and a growing number of these are spam, phishing, or other malicious attacks.

SMiShing (which is a combination of SMS and Phishing) is a form of criminal activity using social engineering techniques. Phishing is the act of attempting to obtain personal information (such as passwords and financial details) by impersonating a trustworthy business in an electronic communication. Short Message Service (SMS) is the technology used for text messages on mobile phones. By combining the two, SMiShing utilises mobile phone text messages to trick people into disclosing their personal or financial information via a link to a false website, or via a fake telephone number.

Types of SMiSh Messages

According to a study, more than 90% of text messages are opened within 15 minutes of being received. This is the main reason so many SMiSh attempts are successful. Criminals prey on this immediate responsiveness.

They may be offering you something for free (e.g. “The first 20 responses win a Rs.2000 supermarket gift card”) or be advertising an amazing discount that is only available if you “ACT NOW!”.

SMiSh messages may also urge you to respond immediately to keep something bad from happening. For example, the message might appear to be from your bank, telling you that your credit has been compromised and you need to verify your account straight away using a web link (which will actually direct you to a phishing website that will steal your banking credentials).

SMiShing can be independent (where the scam is solely in message form) or can be used as a sub-set of Vishing (where the message asks you to call a number). Instead of receiving a call impersonating the taxation office, the victim will receive an SMS saying something like, “This is the Income Tax department. You are eligible for a Rs.10000 refund. Call us on XXXXXXXXXXX to find out more”.

Ways to avoid SMiShing Attacks

Avoid tapping links within text messages. Be extra cautious if the message appears to come from someone you know, because the SMS ID can be faked.

DON’T REPLY to text messages that request private or financial information from you.

If a text message is urging you to act or respond quickly, stop and think about it. Remember that criminals use this as a tactic to get you to do what they want.

Never reply to a suspicious text message without verifying the source. If your credit card has really been compromised, you should call the number on the back of your card to discuss this matter with your bank.

Never call a phone number contained in a message from an unknown sender.

If you are using an Android device, you should consider adding security software to your mobile. Smartphones are essentially small computers loaded with gigabytes of sensitive information that criminals want. You should protect your mobile phone the same way you protect your PC to avoid malware and phishing attacks.

In some cases you can check mobile links by tapping and holding the link on your smartphone, so that you can see where it points.

Note: It is important to recognize the distinction between Telemarketing and SMiShing. Whilst telemarketers can be annoying, they are generally not being malicious. By registering your number on the Do Not Call Register you will virtually eliminate any calls that are not scams, because most legitimate telemarketers obey the rules and laws around contacting customers.

SMiShing is likely to become more prominent in the coming years. Mobile phone users need to exercise a healthy dose of suspicion with every message they receive.
