Don’t share that OTP: A look at digital banking scams, and how to stay safe

A recent report by the Reserve Bank of India (RBI) has revealed a worrying surge in bank fraud cases during the 2024 fiscal year. Between April and September, 18,461 frauds were reported, involving a staggering Rs 21,367 crore. This marks a sharp rise compared to the same period last year, which saw 14,480 cases amounting to just Rs 2,623 crore.

Amid a rise in banking scams targeting unsuspecting victims, the ninth edition of The Safe Side by indianexpress.com explores ways to stay safe online and spot cyber threats.

What are banking scams?

Banking scams or frauds involve criminals using deceptive tactics to steal money or sensitive information from victims. Fraudsters employ various methods, such as emails, text messages, phone calls, and fake websites, to trick individuals into divulging their financial details.

“Fraudsters exploit both human and technological vulnerabilities in the banking system,” said Tushar Sharma, cybersecurity expert and co-founder of The Organisation For Enlightening and Education (TOFEE), New Delhi. “They use social engineering techniques, that is exploiting peoples’ weaknesses, phishing attacks, malware, keylogging software, data breaches, and fake banking apps or websites to deceive victims,” he said.

“Most common vulnerabilities are lack of awareness, outdated software and operating systems, unsecured Wi-Fi networks, use of weak passwords, and lack of Two Factor Authentication (2FA),” said Sharma.

What are common banking frauds?

Sharma listed some common banking frauds:

Synthetic identity fraud: Fraudsters combine real and fake information to create identities for securing loans or opening accounts, leveraging data breaches and AI to evade detection.

Phishing and spear-phishing: Scammers send fake emails or messages to trick victims into revealing sensitive information such as account details, credit card information, and PINs.

Mobile banking frauds: Cybercriminals hijack phone numbers to bypass two-factor authentication (2FA) and steal funds by exploiting carrier vulnerabilities.

ATM skimming and card cloning: IoT devices are used to steal card data from ATMs or payment terminals, enabling fraudulent transactions or card duplication.

Jumped deposits: Fraudsters make small deposits to gain victims’ trust before initiating fake refund requests that trick them into revealing their UPI PINs.

Automatic withdrawal scams: Unauthorised recurring payments are set up for fake subscriptions or services, leading to consistent deductions without consent.

Government masquerader scams: Impostors pose as government officials to trick victims into sharing personal data or making fraudulent payments

Fake loan fraud: Scammers target individuals seeking loans by using stolen data and phishing tactics to extract money.

Tips to avoid banking scams

Sharma and Manish Agrawal, senior executive vice president, credit intelligence and control, HDFC Bank, recommended the following precautions:

🎯 Verify government schemes and offers on official websites before taking action.

🎯 Legitimate government agencies will never demand immediate payments or request sensitive details via calls, emails, or SMS.

🎯 Regularly review bank statements and transaction history to detect unauthorized charges.

🎯 Report suspicious activity to your bank immediately.

🎯 Verify the legitimacy of lenders before taking loans by checking RBI registration and physical office addresses.

🎯 Research lenders’ reputations online using trusted sources like Bankrate.

🎯 Stay informed about evolving scam tactics.

🎯 Avoid clicking on unknown links in emails or messages.

🎯 Never send money to unverified individuals.

🎯 Do not share sensitive details such as KYC data, bank credentials, OTPs, or PINs.

🎯 Stay composed and do not panic if you suspect fraudulent activity.

🎯 Report suspicious communication on the Chakshu Portal at https://sancharsaathi.gov.in/

🎯 In case you fall prey to a fraud, contact your bank immediately. You can also file a complaint at https://www.cybercrime.gov.in/ or call on 1930.

What to do if you think you’ve been scammed

According to Sharma, taking immediate action can minimise financial loss. “To support victims, banks, once the victims reach out, block the relevant channels on which the fraud was perpetrated to curtail further losses,” said Agrawal.

Here is what you need to do in case you think you have been scammed: 

📌 Stop all communication with the scammer. Do not respond to emails, messages, or calls.

📌 Inform your bank about the fraudulent activity and request a halt on transactions.

📌 Do not share additional details with anyone.

📌 Attempt to recover lost funds by working with your bank.

📌 Monitor your account activity regularly for suspicious transactions.

📌 Check your CIBIL report to ensure no unauthorised loans have been taken in your name.

While digital banking offers convenience, it also presents new opportunities for scammers. Tackling these scams is a shared responsibility between customers, banks, and regulators. By staying informed about the latest fraud tactics and adopting secure financial habits, individuals can safeguard themselves effectively. Striking a balance between ease of access and security is key to staying protected in an increasingly digital world.

The Safe Side: As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.