04 February 2020

SECURITY GYAN Bytes : February 2020 : 04th February 2020

Dear Tech Leader,
Recently, in one of our WhatsApp groups, a CIO friend, Kushal Kumar, asked:
"Any documented guidelines to avoid being a victim of Jamtara kind of
frauds and what preventive measures one can take!? Maybe the first Feb
Gyan Byte can include something on this."
So I immediately turned to our security expert Vikas and he responded with
this very appropriate and important writeup. Please read and give your feedback
and comments. If you have something to add, do write back.

Jamtara : The Phishing Capital of India
Crime and criminals go where the money is. With more money made from cybercrime
than from the overall drug trade, it is essentially a lucrative business for
criminals. The entry barrier is low, the investment is minimal, and with little
knowledge one can make a good amount of money via cybercrime. That’s what drove
the youths of Jamtara, a small district in Jharkhand state, which has become the
notorious phishing capital of India.
Well, there is a lot that can be written about Jamtara; there is even a TV series on
Netflix about it, but this Security Gyan Byte is more about how to stay protected
from the common frauds coming from this phishing hub.
Before we dive into some quick tips on how to stay protected: it essentially boils
down to using your common sense. But we’ve seen that common sense is
not that common; that’s why criminals have been able to make good money.

Okay, let’s look at quick recommendations on how we can stay protected:

1. If you’re reading this, you’re most likely aware of the problem. Discuss it with
your family, your parents, your spouse, your kids, your friends – they are
more likely to receive a scam call than you are. Being
aware of the risk is the first step towards security.
2. For your bank account (primary) with a decent amount of money, make
FDs and leave little in the savings account. You should never use the
debit card for this account anywhere: not in any ATM, not at any
kiosk, not in any mall – no matter how lucrative the points
redemption offer is. Hackers can’t hack what they can’t get access to. Let
this card be your little secret that nobody knows.
3. Open a savings account (secondary) for your routine cash withdrawals, and
transfer money to this account when you want to withdraw from an ATM. Only keep
limited money in this account, so that even if it gets hacked you won’t
die of a heart attack.
4. While using an ATM, if possible, use one attached to a bank branch or
one where a security guard is present. Hide the keypad with your hand
while entering the PIN; after taking the cash out, just press some
random keys so that the sequence of your PIN is scrambled.
5. Use a credit card as much as possible instead of a debit card. If your credit
card gets hacked, it’s not really your money that goes immediately out of
your account. You’ll have sufficient time to dispute with the credit card
issuer and resolve the matter.
6. It goes without saying: don’t share an OTP with anyone – hang a poster of this
in your house as a constant reminder for you and your family.
7. Don’t connect your primary bank account to any UPI payment app; if you must
use UPI, use your secondary account.
8. While dealing with online transactions, don’t click on any link that arrives
via your digital wallet, SMS, WhatsApp or other channels for receiving
a payment; most likely this will debit your account and send money
out instead of receiving it. Make your family aware of this: debit and credit are
different words, and this is a very common scam going around.
9. Do not install random apps on your phone; have a separate phone that
your family can use to download games, junk, etc. Don’t use that phone for
any digital wallet or financial transactions.
10. Don’t entertain calls from people pretending to be from your bank, credit
card issuer, PayTM, Olx, etc.; just don’t share any personal or banking
details with them.
A lot can be written on this subject, but I wanted to restrict it to the top 10
tips, which can be easily practiced. Above all, use your common sense; that will save
you not only from financial scams but from many others.

[Views expressed by me in this article are completely mine and should in no way be
construed as the views of my organization]
This Gyan-Byte is contributed by Vikas Arora. He is
currently the Vice President – Global IT & Security
of Toluna. He has more than 23 years of work
experience in the IT industry and is passionate
about cybersecurity. He also works as a virtual
CISO for various organizations and speaks at
various national and international forums.
Twitter: @techievicky