News
You are being scammed!
View(s):- Authorites warn people as millions of funds have been defrauded recently through fake bank websites and ‘Phishing’ and ‘Vishing’
- Don’t share your One-Time Passwords (OTP) with anyone for any reason
By Sandun Jayawardana
Authorities are warning about an alarming increase in financial scams targeting bank customers and are urging people not to divulge personal banking information to unauthorised parties.
While an exact estimate of funds defrauded through such scams in recent weeks is as yet unavailable, police said it runs into millions of rupees.
The Computer Crimes Investigation Division of the Criminal Investigation Department (CID) recently arrested two Ukrainian nationals in Unawatuna on charges of defrauding more than Rs. 10 million from bank customers by secretly obtaining their One-Time Passwords (OTP). Police said the suspects had deceived their victims into divulging personal banking information and their OTPs by telling them they have won gifts or other benefits.
Both foreigners and locals are involved in these scams. Some operate from within Sri Lanka as well as from overseas.
Recently, police discovered that scammers have been setting up fake websites made to look like those of leading private banks and luring customers into these sites using various tactics, resulting in them entering their login details and passwords to the fake site, which leads to the scammers gaining access to their bank accounts, Police Spokesman Deputy Inspector General (DIG) Nihal Thalduwa told the Sunday Times.
One particular scam involved running fake ads on Facebook purported to be from a leading private bank. The ads claimed the bank was running a survey and that participants could win a cash prize by taking part. Those who clicked on the ad were taken to a website that looked like the website of the bank. They were then asked to enter their login details and the scammers would then reach out to the customers to obtain their OTPs, which would pave the way to transfer funds from their victims’ accounts.
Pic by Eshan Fernando
According to police, one pensioner lost Rs. 4.3 million of his life savings after falling victim to the scam.
The fake banking websites are set up through a fake Uniform Resource Locator (URL). A URL is a unique identifier used to locate a resource on the internet. The scammers can set up any number of fake websites by slightly altering the URL of the real website.
DIG Thalduwa urged people not to divulge their OTPs to third parties for whatever reason. “The OTP is automatically generated and even the bank doesn’t know it. It is only meant for the customer. Even bank employees would not ask for it. As such, never give your OTP to anyone. If someone asks for your OTP, it is definitely because they are scammers. Divulging it to them means you run the risk of losing all your funds.”
He urged the public to exercise extra vigilance when conducting online banking transactions and to reach out to their bank if they need to clarify something. He also appealed to banks to continue raising awareness among their customers to be careful when engaging in online banking and to tell their customers not to reveal their OTPs to anyone.
Many banks have been running notices on their social media pages and also sending messages to customers in recent days urging them to exercise caution while doing online banking and not to divulge their OTPs to anyone. The banks have also stressed they are not affiliated to any raffle draws or jackpot competitions currently being circulated on social media in their name. The Central Bank too has been running notices urging the public to exercise vigilance.
In the majority of online scams, users fall victim due to a lack of awareness, said Charuka Damunupola, Lead Information Security Engineer at Sri Lanka Computer Emergency Readiness Team (SLCERT). He pointed out that scammers are able to obtain customers’ OTPs mainly due to the customers not having much of an idea about the importance of an OTP. “They think it’s just a set of numbers and attach less importance to it compared to passwords. But every bank has set up this two-step verification process where you receive an OTP when you engage in a transaction. That’s why scammers have set up these elaborate scenarios to steal the customers’ OTPs.”
He noted that most won’t even notice the URL which might alert them that they have been sent to a fake website. The scammers will keep changing the letters in the URL to make it look similar to the normal banking website. Most users won’t identify the difference and will enter their personal information. The fake sites then steal the Personal Identification Information (PII) data of the customers. These include full name, date of birth, address and NIC number.
“In some instances, scammers will ask you to enter your credit card details. We have also seen instances where they tell you to enter your banking details if you want to claim a reward. People think the reward money would be deposited to their accounts so without hesitancy they disclose their banking details. Once they get the details, scammers will try to log into your banking account. When the OTP comes to your phone, they will ask for it and people will disclose that without thinking. Once they have the OTP, they can easily transfer the money to whatever bank account they prefer,” Mr Damunupola explained.
These ‘Phishing’ scams can take a variety of forms. Some are done by way of voice calls, which are known as ‘Vishing.’ This involves scammers calling a person to try and obtain personal banking details. For instance, they can tell a customer that they have won a prize at a raffle draw. ‘Smishing’ is another commonly used method.
This involves scammers using fake mobile text messages or social media messaging apps such as WhatsApp, Viber, Telegram or Messenger to trick people into downloading malware. The message may claim that you have a work-from-home opportunity or that you have been selected for a foreign job. The message will contain a phishing link. Once a person clicks on that link it will take them to a fake website and the same scenario will follow, the SLCERT official explained.
Recently, scammers have been luring victims through fake ads on social media, particularly Facebook. They tend to target a certain type of audience, probably those between ages 45-60 who may not have the same technological awareness and digital literacy as younger users. They may also target different areas of the country, particularly rural areas where awareness of such scams is less, Mr Damunupola said.
He urged users to try to use the recommended banking app given by their bank whenever possible when engaging in online banking. This is because the banking app is a genuine app put up by the bank and is far more secure. If someone is doing online banking through a web browser, then they should double check the URL to ensure that they have gone to the correct banking website, he added.
The best way to say that you found the home of your dreams is by finding it on Hitad.lk. We have listings for apartments for sale or rent in Sri Lanka, no matter what locale you're looking for! Whether you live in Colombo, Galle, Kandy, Matara, Jaffna and more - we've got them all!