STAY VIGILANT! PREVENT FRAUD! Visit Safe Banking Section for more information. Report cyber fraud under ‘Grievance Section’. Also Report cyber fraud on Government Portal www.cybercrime.gov.in or Call on 1930
Reporting of Cyber Frauds:
- Do not panic if a cyber fraud happens.
- Report fraud immediately to your Branch or Call on our Toll-Free No. 1800 103 1906.
- For calling your Branch, always use phone numbers available on your passbook, account statement or on Bank’s Website https://bankofindia.co.in > locate us > Branches.
- Immediately register a complaint with the Cyber Police of India on the portal https://cybercrime.gov.in or call 1930 to block the funds.
- The law enforcement agencies of various states, banks and other payment merchants like Paytm, Google Pay etc. participate on the Govt. of India portal https://cybercrime.gov.in.
- Early reporting here will significantly increase the chances that you can recover the lost funds.
- Give a formal complaint of the cybercrime to your Branch within 3 days, with complete details, for further processing.
For lodging a complaint of cyber fraud on the Government of India portal, please refer to the procedural guidance given in the link below:
- Step-by-step procedure to lodge a cybercrime complaint on the Government of India Portal
If you observe any suspicious transactions in your account, follow these steps to block the respective transaction channel:
- Debit Card
You can hotlist your debit card by calling our IVRS on 18004251112 or 022-40429127 (chargeable) and providing your account number or 16-digit card number.
- Credit Card
You can hotlist your credit card by calling our IVRS on 1800220088 or 022-4042-6005/6006 (chargeable) and providing your account number or 16-digit card number.
- Internet Banking
Change your internet banking credentials immediately if any suspicious transaction through internet banking is observed in your account.
- Mobile Banking
Change your mobile banking credentials immediately if any suspicious transaction through mobile banking is observed in your account. You can also de-register from mobile banking using the option available under security settings in the mobile banking application.
- UPI
You can block all VPAs registered with your account number by sending an SMS from your registered mobile number to 8800501128 or 8130036631 in the format: BLOCKUPI < Registered Mobile No. >
Growth in digitisation has increased risk of online frauds. As a customer you may be seen as a potential target for fraudulent activities. Your personal and financial information is of sensitive nature and could be misused by fraudsters against you.
- Personal Information: Name, Address, Mobile Number, PAN number, Aadhaar number or any other personally identifiable information.
- Financial Information: Bank Account Details, Debit/Credit Card Number, CVV & PIN, Internet/Mobile Banking User ID & Password.
Social engineering is a technique used by criminals to gain access to your information. Social engineering scams can be both online (such as an email message that asks you to open an attachment which contains malware) and offline (such as a phone call from someone posing as a representative of your credit card company, or an infected USB drive planted to install malware).
- Phishing Attacks
Phishing is carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Generally, phishing e-mails contain spelling and grammatical errors, and the link provided in the e-mail has a different name from the actual website.
- Other Phishing techniques:
  - Tab Nabbing: It takes advantage of the multiple tabs that users keep open and silently redirects a user to the affected site.
  - Filter Evasion: Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.
  - Vishing: Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialled, prompts told users to enter their account numbers and PIN. Vishers sometimes use fake caller-ID data to give the appearance that calls come from a trusted organization.
- BEWARE OF KYC EXPIRY FRAUD
To avoid phishing attacks, be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about your sensitive information.
Malware is short for malicious software and is used as a single term to refer to viruses, spyware, worms etc. Malware is designed to cause damage to a standalone computer or a networked PC. So, wherever the term malware is used, it means a program which is designed to damage your computer. A strong anti-malware solution should be used to prevent the spread of malware.
Your computer may be infected if you recognize any of these malware symptoms:
- Slow computer performance
- Erratic computer behaviour
- Unexplained data loss
- Frequent computer crashes
Ransomware is a form of malware that locks users' computer files and demands a ransom for access to those files. Ransomware spreads through phishing, pirated software and malicious websites. You can avoid becoming a victim of ransomware if you do not click on suspicious links, do not install pirated/illegal software and ensure that your data is backed up on a regular basis.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Before clicking on any link or attachment in a mail, verify the sender's details.
Installing applications from unknown sources, granting mobile applications excessive permissions, using open Wi-Fi networks and sharing OTPs may lead to loss of sensitive information and financial loss. You should not enable remote sharing on mobile applications, and a suitable anti-malware solution should be used.
Cybercriminals use USB charging ports available at public places to install malware, steal data or even take complete control of your device. This is referred to as Juice Jacking. You should disable the data transfer feature on your mobile phone while charging.
A device called a card skimmer is used to copy information from a Credit Card/Debit Card. This information is used for online purchases or to clone the card for cash withdrawal. You should be careful while using your card at ATMs and public places, and while sharing card details online.
Victims of Money Mule fraud are used by fraudsters to transfer illegally obtained money through the victim's account. You should not receive money in your account from unknown sources. If money is received in your account accidentally, you should inform your Bank, and any reversal should be initiated by the bank crediting the money to your account. You should not return money directly to the person who claims to have accidentally deposited it in your account; instead, that person should contact his own bank.
SIM swapping fraud
Don'ts
- Do not write your PIN on the Card or back of the Card and never carry your PIN in your wallet or purse. It’s best that PIN is only remembered.
- Never use a PIN that could be guessed easily e.g. your birthday or telephone number.
- Do not respond to any E-mail or Telephone call purported to have been issued/called by your Bank asking for your user ID, Password, Card details and ATM PIN etc. These are called PHISHING/VISHING attempts. At Bank of India, we honour the trust reposed on us and will never seek such personal details vide email or phone call for any purpose.
Do's
- Sign on the strip on the back of your card as soon as you receive it.
- Memorize your PIN (Personal Identification number) and destroy all physical evidence of the PIN.
- Register your mobile number with the bank for getting SMS alerts for your transactions.
- Any unauthorized card transactions in the account, if observed, should be reported immediately to the Bank. This will help you if a fraudulent withdrawal is being made using your Debit/Credit Card. You may refer to the tab “How to report fraud”.
- If you notice anything suspicious or any other problem arises after you have begun an ATM transaction, you may cancel the transaction and leave.
- Beware of “Shoulder Surfing”. Shield your PIN from onlookers by covering the keypad using your body while entering the PIN.
- Before leaving ATM, be sure that you have your card and your receipt and ‘Welcome Screen’ is displayed in the ATM after doing the transaction.
- Please ensure that the card is swiped in your presence at POS (Point of Sale).
- When you destroy your card upon expiry or closure of your account, cut it into four pieces through the magnetic strip.
- Look for extra devices attached to the ATMs. These may have been put there to capture your data. Inform security / the bank immediately if any such device is found.
- Access Internet Banking only from personal Desktop/Laptop.
- If shared system/Internet cafe is used, ensure safety guidelines before using Internet Banking.
- Type Bank’s URL www.bankofindia.co.in in web browser to access internet banking services.
- Never share your Internet Banking/Mobile Banking User ID & Password and OTP.
- Use Virtual Keyboard to enter your login details.
- Use StarToken offered by Bank for enhanced security.
- Check “website Address” and “Padlock” button before entering user ID & Password
- Install Banking Applications from known sources only.
- Apps obtained from unauthorised sources may steal your information.
- Secure mobile phone where mobile banking application is installed.
- Make sure your Mobile security patches are updated regularly.
- Secure your mobile phone using pin and antivirus software.
- Change PIN of Mobile Banking Application regularly.
- Disable Wi-Fi and Bluetooth automatic pairing when not in use.
- Don’t allow your device to auto-join unfamiliar Wi-Fi network.
- Enter UPI PIN only to deduct money from your account. UPI PIN is NOT required for receiving money.
- Check the receiver’s name on verifying the UPI ID. Do NOT pay without verification.
- Use UPI PIN only on the app’s UPI PIN page. Do NOT share UPI PIN anywhere else.
- Scan QR ONLY for making payment and NOT for receiving money.
- Do not download any screen sharing or SMS forwarding apps when asked to by any unknown person and without understanding their utility.
Desktop/Mobile Security
- Use Licensed Version of Operating System.
- Security Patches should be regularly updated.
- An Anti-Virus software should be installed.
- We should use only authorized software from a trusted source.
- Outdated software should be removed.
- We should always lock the device screen when we finish using our computer, laptop or phone. For added security, we should also set our device to lock automatically when it goes to sleep.
- Default Administrator account should be renamed and non-administrator account shall be used.
- Windows firewall needs to be enabled in all Desktops.
- Backup your data at scheduled interval.
Browser Security
- Always use the latest version of the preferred browser and update your Web Browser with latest patches.
- Appropriately configure the privacy, security and content settings which are inbuilt in the browser.
- Always use strong password for your email account.
- Always use Anti-Spyware Software to scan the e-mails for Spam.
- Always scan the e-Mail attachments with latest updated Anti-Virus and Anti-Spyware before opening.
- Always remember to empty the Spam folder.
- Do not open mail attachments from unknown/suspicious senders. Do not click on any links provided in such mails.
- Do not provide your personal and private information in any email.
- It is always better to have third party phishing and spam filter add-on/software.
- Have multiple Email accounts. Your primary Email account should be shared to a limited extent.
- Never share your Card Details, CVV number, Card PIN, Internet /Mobile Banking/UPI Credentials and Transaction OTPs with anyone.
- Do not write / store confidential information like Passwords / PINs anywhere. Always remember banking passwords.
- Keep difficult to guess passwords and avoid using personal information such as birthdate, anniversary date, family members name etc. in passwords.
- Do not use dictionary words, an alphabet sequence, a number sequence or a keyboard sequence in passwords.
- Passwords must include uppercase, lowercase, numbers and special character.
- Passwords must be at least 8-15 alphanumeric characters long.
- Do not use same password for all accounts. Keep unique passwords to the extent possible.
- Passwords must be changed regularly.
- Change your banking account passwords immediately if you suspect that they have been compromised.
- Avoid Banking transactions using any unsecured public network like Cyber Café, Public Wi-Fi etc.
- COVID-19 Phishing Scam
- Advisory on AnyDesk Application
- Cyber Security Awareness Booklet by Govt. of Maharashtra
- Phishing Scam related to EMI Moratorium
- Mobile Banking Malware: SOVA Android Trojan
- Drinik Malware: Android banking Trojan
- Malicious Festival-themed campaign
- Ransomware for Website
- Beware of Digital House Arrest
- Phishing Advisory for Website