Identifying Online Fraudsters
The lockdown forced people to change their shopping habits. And it is not only limited to essential commodities and daily provisions, but also to entertainment, electronics, and luxury goods. A new group of consumers, who hesitated to shop online, managed to overcome their hesitation, and have crossed the threshold in the last few months. Many people have started using their Debit or Credit cards, e-wallets, UPI apps, and other methods to digitize payments and transactions.
It may be true that people do not remain alert, especially during festive seasons. This is why some of us fall prey to fraud. You should keep the following in mind while making online payments in this festive season and otherwise so that you will not get robbed.
Online Fraudsters Misusing reputable brand names
Online Fraudsters build websites by misusing reputable brand names and entice victims to obtain their cards and banking details. An expensive phone or laptop can be advertised and available at a 40–50% discount on a less popular or new e-commerce website. Desperate consumers are advised to first check the authenticity of such websites. Here’s how someone can do it. Anyone can check whether the website starts with “https://” (this means that the website has a security certificate). Many fraudulent and temporary websites are hosted at domain registrars and web hosting companies, which are legitimate by online fraudsters. However, there are some different levels of validation, some of which are easier to obtain than others.
The lowest level of validation, Domain Validation (DV), will only validate the ownership of the domain and not the legitimacy of the organization requesting the certificate. In other words, if you have purchased the domain “amaz0ne.in” and requested a certificate for it, you will get the certificate because you own the domain. The highest level of validation, extended validation (EV), is the safest and most comprehensive. A company requesting a certificate with extended validation must prove its identity as well as its legitimacy as a business. You can find out whether a site has an EV certificate or not by looking at the address bar. Browsers show a green address bar with a lock icon for websites with EV certificates.
If you click on a real-looking hyperlink within a message, it can still take you to a fraudulent website. Just as a person should not judge a book by the cover, one should always carefully type in the name of the shopping portal in the browser, and do not click on any hyperlink that contains a short link that gives you a merchant portal.
Never trust the details of the business on the internet search engine
Never trust the details of the business on the internet search engine. By using clever and suspicious methods, online fraudsters can display the search results of fake, duplicate websites at the top of your search. These manipulation results of businesses list phone numbers and email IDs controlled by online fraudsters and make them appear as if they are legitimate businesses of banks, insurance companies, supermarkets, liquor shops, etc.
If customers call or write to such entities, it is most likely that they are negotiating with online fraudsters. Under the guise of “valid” customers, criminals can get all the information they need to get a hold of your card/wallet/account. Always call the number published on your actual service provider’s website or write down their known and declared customer service email IDs when initiating communication. Never give card/account information and card security code / OTP to anyone.
If devices are infected with malware, it can prevent cards or personal information such as anything sent by users or something that users receive, such as OTP and email. It is advisable to install good anti-malware in your devices and keep the security on. It filters and excludes intrusion into your computer or mobile device.
Under the guise of sending or returning certain funds, awarding, depositing cashback, or validating the identity, criminals can send QR barcodes to “UPI Collect” request or scan and validate users with their PIN in the UPI app Can ask for Remember, you do not need to type in your PIN in the upcoming UPI payment. If someone is asking you to do this, then understand that an attempt is being made to cheat you.
Understanding and following these basic principles of online shopping and transactions will help customers retain their hard-earned money from online fraudsters. Remember to treat only reputable websites and portals.
