CISO Office, UCO

Vol II, Dec 2020

CISO Office wishes to thank our readers for their overwhelming response and Fraudulent positive feedback on our new series ‘Cyber Tales by Tenali’. Keeping the trend forward, we present another modus Callers operandi of recent cyber incident with an illustrative graphic along with the best practices. One day, Tinku got a phone call Do give us your feedback to keep our from Online KBC Team…. momentum alive in enriching this publication. Incoming call Hello... Meet us… +91800XXXXXXX Tinku - Congratulations Sir…  A millennial who has grown You have won a up using computer and being jackpot worth Rs 9999 online…. from KBC Online...  Was a victim of social media scam (Cyber Tales by Tenali Vol I, Dec 2020), yet Wow… How can I get the prize money ? trusts easily on every online content

Chutki - You can receive the amount through  Neophyte yet savvy netizen… UPI… I have send it… please approve it with your UPI PIN...  Imprudent on risks, threats and dangers of digital world…

Mogambo - Tinku immediately entered his UPI PIN  Cybercon… into luring to receive the prize money, meanwhile, gullible users on popular the phone call got disconnected… and platforms Tinku got a message from his Bank...  Small towner but reach spans the nation VM-XYZBNK Wait… What Tenali - is this? Why A/c XX29  Cyber Skill Expert & narrator my account debited with Rs. of the story got debited? 9999.00 by XYZ- UPI. Avl Bal Rs.  Goal is to increase awareness XXX…… on cyber safety and create safe, digital environment

Page 1 of 4 CISO Office, UCO Bank

Contd… Fraudulent Calls using Mobile Numbers similar to Bank’s Toll Free Number Few days back, Chutki opened a savings account in ABC Bank. She eventually forgot that she already have submitted all documents in the Bank Branch while account opening. One day, while Chutki was in a hurry with her college project work, she received a call from ABC Bank’s Customer Care Executive.

Hello... Hello Ma’am.. I am calling Incoming call from ABC Bank… You have not completed your +91800XXXXXXX KYC updation.

But I can’t come to

800XXXXXXXX Branch today. I have some urgent work.

No problem… I can update your details over the call.

Okay...That will be the better option

OTP is a 6-digit Just for security reasons… please code, usually sent verify your ATM card number….Expiry date...CVV... to user’s registered phone number to 4321 123XX authenticate a ….11/23...321 transaction or login Okay ma’am, now you will in an application. receive a 6-digit verification code for confirmation….Please tell that one…. Yes yes… it’s 654321

Purpose of OTP Thank You… Your KYC is to prevent fraud details are updated After disconnecting successfully ! by confirming the the call... identity of the VM-ABCBNK user. Oh My God !!! What’s happening ! Rs. 9,999.00 spent on Card

XX1234 on 19- OTP should 12-20, 17:02:02 at XYZ Retail. never be New Avl Bal Rs. ALERT shared with SMS XXX…... anyone.

Cyber Tales by Tenali - Vol II, Dec 2020 Page 2 of 4 CISO Office, UCO Bank

Contd… Fraudulent Calls using Mobile Numbers similar to Bank’s Toll Free Number What has actually happened ? Reporting Portal Both Tinku & https://cybercrime.gov.in Don’t rely on names displayed Chutki have along with supporting in caller identifier apps like been victims of phone call documents like copy of Truecaller, True ID, CallApp complaint letter submitted to phishing fraud, popularly etc. They may not always reflect bank, details of the known as vishing. the real identity of the caller. fraudulent transactions etc. In the first scenario, Mogambo, posing as Online  Chutki should debit

Lottery Agency Executive , freeze her account and disable the debit card called Tinku from a number UPI PIN is required showing ‘Online KBC’ in through ABC Bank’s mobile Truecaller. Tinku did not only for sending banking app. verified the authenticity of money, not while  Also, change PINs and the caller. Moreover, Tinku receiving it. passwords of all digital also did not noticed the UPI banking services availed prompt whether it was for ‘sending’ or such as - mBanking - MPIN, TPIN, ‘receiving’ money. And while in hurry, he ATM card PIN, E-Banking - Password, entered the UPI PIN to authenticate UPI - PIN etc. ‘sending’ the amount. What other tricks could have been used by In the second scenario, Mogambo, Mogambo to lure users like Tinku impersonating as Bank’s customer care & Chutki? executive, has called Chutki from a number  Bank account has expired which looks similar to that of the actual toll free number of ABC Bank. Chutki got  Credit card / Debit card will expire soon  Increase credit card limit, tricked easily since the Always check Bank’s Toll provide add-on card, provide number showed ‘ABC Bank free number from Bank’s more benefits in credit card abc’ in Truecaller app and Official Website or that given she was already pre- in the backside of debit card  Internet banking / Mobile occupied with some other issued by the Bank. banking account has expired works.  Won a lottery / coupon in What should they do now? some random show

 Immediately report to  KYC verification for their by calling UCO Bank’s Toll Free No. wallets like , Phonepe, the Toll Free Number Googlepay etc 1800XXXXXXX or  Upgrade SIM to e-sim / visiting the nearest Bank

5G sim Branch.  ‘Work from home’  Report to the nearest employments opportunities in Bank Cyber Crime Police Station or in the website of National Cyber Crime  Call from the Income Tax department regarding income tax return

Cyber Tales by Tenali - Vol II, Dec 2020 Page 3 of 4 CISO Office, UCO Bank

Contd… Fraudulent Calls using Mobile Numbers similar to Bank’s Toll Free Number

 For pensioners - Call from ex-employer immediately disconnect the call without regarding pension details etc. divulging any sensitive information.

 Most of the OTP messages mention the Warning Signs of Vishing reason for generation of the OTP. Read  Call from unknown number claiming every message carefully before taking to be bank / other representative any actions.

 Gain confidence of user by telling  Check and verify the details before some details of the user (usually approving any transaction through UPI. obtained from social media) Always remember that PIN is required  Offer products and services which while sending money, not for receiving seem too good to be true it.

 Depict urgency to get user’s response  Do not share sensitive personal / financial information with anyone.  Warn or threaten users about negative consequences  Do not click on links given in unknown mails or messages. Also, never install  Ask for sensitive information like OTP, CVV, passwords, PINs etc which are unknown apps if someone tells you not to be shared with anyone over phone for ‘customer support’ purposes.  May ask for personal information like:

 Date of Birth, Email id Online banking services has eased our  Office / Residential Address lives. And following good cyber hygiene  Family Member details shall help us in staying safe online.  no. , PAN no. etc  May ask for financial information like: Stay Positive on Cyber Hygiene  Account no., online banking user id, Be Negative on Fraudulent Callers PIN / Password  Card no., PIN, expiry date, CVV  May ask user to install remote access app like Anydesk, Teamviewer etc and then ask for code displayed in app upon installation in user device

 May send SMS / Email with malicious link and ask user to click on it Keep How to stay protected?  Carefully check the number before responding. If a caller impersonates as Eyes Open Bank Customer Care Executive, We welcome your valuable suggestions / feedback at [email protected] Cyber Tales by Tenali - Vol II, Dec 2020 Page 4 of 4 CISO Office, UCO Bank