There is a general perception that senior citizens or non-tech savvy people are usually the victims of banking fraud in India. However, an analysis of cyber and banking frauds by HDFC Bank has revealed the majority of the victims of cyber fraud attacks are young and salaried individuals, which can be expected to be tech-savvy. Manish Agrawal, head—credit intelligence and control at HDFC Bank spoke to Mint on common ways in which people are duped and behaviors that could protect them from cyber fraud attacks. Edited Excerpts.
What is the common nature of cyber fraud in India?
First and foremost, we are not talking about cyber-attacks coming in from any foreign country, where the banking systems are hacked. What we are talking about here is how an individual customer gets defrauded. So, the methodology used to attack is very, very simple, and that methodology is social engineering. This is used to gain access to private information.
Earlier when people used to deal with financial matters, they were a little cautious as they knew that they have cash in their pocket and they have to make sure that the cash is not swindled. The way financial infrastructure has developed in the last five years and the pace at which the digital economy has grown, the general public does not know what the safeguards are.
Today, if customers are losing money, it’s not because their credentials have been stolen. But what’s happening is they’re receiving a call or they are getting an online link to click.
When we talk about social engineering, fraudsters are following the script of greed, threat or help. During covid-19, scammers used scripts based on providing drug remdesivir or oxygen concentrators to cheat people.
Take us through the findings of your analysis of cyber fraud attacks?
If we look at digital fraud, what comes to our mind? The frauds happen only with people who are not literate. Also, it happens to people who are senior citizens.
The analysis that we did challenge all these hypotheses. We observed that the frauds are happening in daylight. About 65-70% of cyber frauds now happen between 7.00 am and 7.00 pm. This is contrary to the perception that frauds happen in the middle of the night. We also found that 80-85% of the affected customers are in the age group 22-50 years, the age group, which is expected to be tech-savvy. We found that the frauds are happening with the people who are salaried class individuals, who can be perceived as educated. We also found that frauds are happening more with the male population and not the female population.
This means that the problem cannot be generalized. We have seen that most of the frauds are happening with the people who are pretty active with digital transitions. It is no longer the case today that somebody did the digital transaction for the first time and got swindled.
What can people do to avoid fraud?
There are three simple steps that people can follow to protect themselves from cyber fraud attacks. First, do not download anything from a link, which is not a trusted source. Second, don’t share your OTP, PIN or password, and third, do not download an app from a non-trusted source.
If people follow these three basic steps, the problem of cyber fraud attacks will be resolved to the extent of 90-95%.
Is financial literacy enough to make people aware of frauds, or do we need cyber security literacy in India?
HDFC Bank celebrates fraud awareness week in November. We are undertaking 2,000 secure banking workshops to create awareness about digital fraud. As of November 2021, the bank has conducted 137 workshops across schools and colleges covering over 10,000 students to inculcate early safe banking habits. This time we thought that this must be a part of the literacy program, and the awareness must be imparted to the kids because they have to become evangelists. These steps will show an impact in the long run, but they require continuous reiteration.