Surakshit Banking

Your email ID is your identity and address on the Internet. It must be protected

• Be cautious while disclosing your email on websites, any social media platforms.
• If you receive any spam email, do not respond such email without further verification or clarification from respective sender.
• Never click on links, download files, or open attachments in emails that are sent from unknown senders.
• Change your password periodically.

Some security measures of ATM banking are as follows:

• Register your mobile number with the Bank to get alerts of transactions.
• Beware of “shoulder surfing” while transacting anything inside the ATM. Shoulder surfing is a mode of target which attackers use by just standing near you and noticing the PIN entered for the card.
• Avoid engaging in any kind of conversations with strangers, near and inside the ATM. Do not accept assistance or allow anyone to interfere with your transaction.
• Do not perform any transaction if you find anything unusual in the ATM.
• Transaction slip, if printed, should not be disclosed to anyone.
• After you deposit a cash in the ATM Recycler Machines (where available), check the credit entry in your account after a couple of days. Report to the Bank if there is any discrepancy.
• Do not forget any valuable like card, passbook, mobile etc. in the ATM.
• Change your Card PIN the first time you use it.
• Memorize your PIN and do not write it anywhere.
• Do not share your PIN or card with anyone else.

Phishing is a type of attack which attempts to steal sensitive information like user login credentials, credit card number, etc. either through an email. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication. The emails may ask the recipient to click a link and provide confidential information like account number, username and transaction password, mobile number, address, debit card/ credit card number, CVV, PAN, date of birth, mother’s maiden name, passport number, etc.

Modus operandi of email phishing

An attacker creates a fake email ID which looks like the original one, but there is always some difference.
For example, the attacker might create an email ID as ‘user@bmcbank.com’ instead of ‘user@bmcbbank.com’.
At first glance, both the email IDs would appear genuine, as there is only a slight spelling mistake but if the victim is in a hurry, he/she might end up interacting with the spoofed website and share confidential data.

Security practices:

• Be cautious while clicking on links, downloading files, or opening attachments in emails, especially received from unknown senders/sources.
• Be cautious while providing your personal details on any links.
• Carefully observe the email ID before sharing any data.
• As a best practice, do not share any confidential data on websites not starting with https:// (where s stands for secured).

As most of the account details are connected to an individuals’ mobile number, the attacker tries to gain access to the SIM card or obtain a duplicate SIM card for carrying out transactions on such duplicate SIM. Using the SIM swap technique, the attacker gathers personal information by practices such as phishing, vishing, smishing, and more, and uses the same to get a new sim card issued in the customers’ name. Post which, the attacker gets all the requisite information using this sim card, including OTPs, which they use to conduct fraudulent transactions from the customers’ bank accounts.

Juice jacking is a type of attack involving a charging port from where data is stolen from the connected device; there are crawlers that can search a phone for personally identifiable information (PII), account credentials, banking-related or credit card data. These crawlers can copy all information to attackers’ own devices.

A QR code (Quick Response Code) consists of several black squares and dots which represent certain digital information. When a smart device scans this code, it translates that information into something that can be easily understood by the device. Fraudsters often contact customers under various pretext and trick them into scanning QR codes using payment apps. This allows the fraudsters to withdraw money from customer’s account.