Cyber Crimes

Vishing/Phishing Frauds

This is one of the most common types of cyber fraud that has been going on for decades. The Modus Operandi in such crimes is to email/SMS/call unsuspecting persons, preferably senior citizens, pretending to be from some bank.

In the vishing technique of fraud, sometimes, the fraudsters do not name the bank and ask the victim the name of their bank and then tell them that they are transferring their call to the said bank. The so-called bank manager/employee/customer care executive tells the unsuspecting victim that his/her bank account or debit card is being blocked/frozen due to some technical difficulties or because their KYC has not been updated and if they wish to unblock it, they will have to verify some details. They, then induce the victim to share the debit/credit card number, expiration date, CVV and finally, the OTP generated due to the fraudulent transaction that they do using the victim’s card. The fraudsters do not let the victim hang up the phone lest he should come to know about the illegal transaction.

In a variant of this crime, the fraudsters sometimes call the victims and tell them that they have won a gift from the bank (which could be anything ranging from a travel trip to a free additional debit/credit card) and that they just need to verify some details and then proceed to dupe the unsuspecting bank customer as mentioned above. The cheated money is usually used to make some transaction online at various e-commerce sites like Amazon, Flipkart, etc.

In the phishing email variant, the fraudsters send a link that takes the victim to a web page that is deceptively similar to the actual site of the bank.

Safety Precautions:

1. Banks or any of their representatives never send email/SMS to their customers or call them over phone to ask for personal information, password or one-time password (OTP). Any such e-mail/SMS or phone call is an attempt to fraudulently withdraw money from the customer’s account through Internet Banking. Never respond to such email/SMS or phone call.

2. Never respond to emails/calls asking you to update or verify User ID/Password/Debit Card Number/PIN/CVV, etc. Inform your bank about such email/SMS or phone call. Immediately change your passwords if you have accidentally revealed your credentials.

3. Always remember that information like password, PIN, TIN, etc., are strictly confidential and are not known even to employees/service personnel of the bank. You should, therefore, never divulge such information even if asked for.

4. Never provide your identity proof to anyone without any genuine reason.

5. Never click on any link in any e-mail to access the bank’s site. It is likely to be a phishing site that will direct you to an impersonating site and capture your banking credentials.

6. Access your bank website only by typing the URL in address bar of browser.

7. When on your bank website, look for the padlock symbol either in the address bar or the status bar (mostly in the address bar) but not within the web page display area. Verify the security certificate by clicking on the padlock.

  • How to make a complaint:

    1. Brief facts of the complaint explaining how to come in contect with the alleged person/website and subsequent fraud

    2. Take a screenshot/Copy of the alleged SMSs/Emails/Website

    3. Collect documentary evidence (e.g. screenshots, bank transaction statements, etc.)

    4. Lodge a complaint in your nearest Police Station describing complete incidence along with the above mentioned documents.

    5. Save the soft copy of all above mentioned documents in soft form and provide them to the Investigating Officer on a CD-R and also give hard copy.