
Customer Corner

  • Sensitive Information
    Growth in digitisation has increased the risk of online fraud. As a customer, you may be seen as a potential target for fraudulent activities. Your personal and financial information is sensitive and could be misused by fraudsters against you.
    • Personal Information - Name, Address, Mobile Number, PAN number, Aadhaar number or any other personally identifiable information.
    • Financial Information - Bank Account Details, Debit/Credit Card Number, CVV & PIN, Internet/Mobile Banking User ID & Password.
  • Threats and Control
    • Social Engineering

      Social engineering is a technique used by criminals to gain access to your information. Social engineering scams can be both online (such as an email message that asks you to open an attachment that contains malware) and offline (such as a phone call from someone posing as a representative of your credit card company, or an infected USB drive placed to install malware).

      • Phishing Attacks

      Phishing is carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Generally, phishing e-mails contain spelling and grammatical errors, and the link provided in the e-mail has a different name from the actual website.

      • Other Phishing techniques
        • Tab Nabbing - It takes advantage of the multiple tabs that users keep open and silently redirects a user to the affected site.
        • Filter Evasion - Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.
        • Vishing - Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialled, prompts asked users to enter their account numbers and PIN. Vishers sometimes use fake caller-ID data to give the appearance that calls come from a trusted organization.

      To avoid phishing attacks, be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about your sensitive information.

    • Malware

      Malware is short for malicious software and is used as a single term to refer to viruses, spyware, worms etc. Malware is designed to cause damage to a standalone computer or a networked PC. So, wherever the term malware is used, it means a program which is designed to damage your computer. A strong anti-malware solution should be used to prevent the spread of malware.

      Your computer may be infected if you recognize any of these malware symptoms:

      • Slow computer performance
      • Erratic computer behaviour
      • Unexplained data loss
      • Frequent computer crashes
    • Ransomware

      This is a form of malware that locks users' computer files and demands a ransom for access to those files. Ransomware spreads through phishing, pirated software and malicious websites. You can avoid becoming a victim of ransomware if you do not click on suspicious links, do not install pirated/illegal software and ensure that your data is backed up on a regular basis.

    • Spoofing

      Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Before clicking on any link or attachment in an email, verify the sender's details.

    • Mobile frauds

      Installing applications from unknown sources, granting mobile applications excessive permissions, using open Wi-Fi networks and sharing OTPs may lead to loss of sensitive information and financial loss. You should not enable remote sharing on mobile applications, and a suitable anti-malware solution should be used.

    • Juice Jacking

      Cybercriminals use USB charging ports available at public places to install malware, steal data or even take complete control of your device. This is referred to as Juice Jacking. You should disable the data transfer feature on your mobile phone while charging.

    • Card Skimming

      A device called a card skimmer is used to copy information from a Credit Card/Debit Card. This information is used for online purchases or to clone the card for cash withdrawal. You should be careful while using your card at ATMs and public places and while sharing card details online.

    • Money Mule

      Victims of Money Mule fraud are used by fraudsters to transfer illegally obtained money through the victim's account. You should not receive money in your account from unknown sources. If money is received in your account accidentally, you should inform your Bank, and any reversal should be initiated by the bank crediting money in your account. You should not return money directly to the person who claims to have accidentally deposited it in your account; instead, "the person" should contact his own bank.

  • Security Guidelines
    • ATM/Card Security
      • Don'ts
        • Do not write your PIN on the Card or back of the Card and never carry your PIN in your wallet or purse. It’s best that the PIN is only remembered.
        • Never use a PIN that could be guessed easily e.g. your birthday or telephone number.
        • Do not respond to any e-mail or telephone call purporting to come from your Bank and asking for your user ID, Password, Card details, ATM PIN etc. These are called PHISHING/VISHING attempts. At Bank of India, we honour the trust reposed in us and will never seek such personal details vide email or phone call for any purpose.
      • Do's
        • Sign on the strip on the back of your card as soon as you receive it.
        • Memorize your PIN (Personal Identification number) and destroy all physical evidence of the PIN.
        • Register your mobile number with the bank for getting SMS alerts for your transactions.
        • Any unauthorized card transactions in the account, if observed, should be reported immediately to the Bank. This will help you if fraudulent withdrawal is being done by using your Debit/Credit Card. You may refer to the tab “How to report fraud”.
        • If you notice anything suspicious or any other problem arises after you have begun an ATM transaction, you may cancel the transaction and leave.
        • Beware of “Shoulder Surfing”. Shield your PIN from onlookers by covering the keypad using your body while entering the PIN.
        • Before leaving the ATM, be sure that you have your card and your receipt and that the ‘Welcome Screen’ is displayed on the ATM after doing the transaction.
        • Please ensure that the card is swiped in your presence at POS (Point of Sale).
        • When you destroy your card upon expiry or closure of your account, cut it into four pieces through the magnetic strip.
        • Look for extra devices attached to ATMs. These may have been put there to capture your data. Inform security / the bank immediately if any such device is found.
    • Internet Banking Security
      • Access Internet Banking only from personal Desktop/Laptop.
      • If a shared system or Internet cafe is used, ensure safety guidelines are followed before using Internet Banking.
      • Type the Bank’s URL www.bankofindia.co.in in the web browser to access internet banking services.
      • Never share your Internet Banking/Mobile Banking User ID & Password and OTP.
      • Use Virtual Keyboard to enter your login details.
      • Use StarToken offered by Bank for enhanced security.
      • Check the “website Address” and “Padlock” button before entering your user ID & Password.
    • Mobile Banking Security
      • Install Banking Applications from known sources only.
      • Apps obtained from unauthorised sources may steal your information.
      • Secure the mobile phone on which the mobile banking application is installed.
      • Make sure your mobile security patches are updated regularly.
      • Secure your mobile phone using a PIN and antivirus software.
      • Change the PIN of the Mobile Banking Application regularly.
      • Disable Wi-Fi and Bluetooth automatic pairing when not in use.
      • Don’t allow your device to auto-join unfamiliar Wi-Fi networks.
    • General Guidelines
      • Desktop/Mobile Security
        • Use Licensed Version of Operating System.
        • Security Patches should be regularly updated.
        • Anti-Virus software should be installed.
        • Use only authorized software from a trusted source.
        • Outdated software should be removed.
        • Always lock your device screen when you finish using your computer, laptop or phone. For added security, also set your device to lock automatically when it goes to sleep.
        • The default Administrator account should be renamed, and a non-administrator account should be used.
        • Windows firewall needs to be enabled on all desktops.
        • Back up your data at scheduled intervals.
      • Browser Security
        • Always use the latest version of the preferred browser and update your Web Browser with latest patches.
        • Appropriately configure the privacy, security and content settings which are inbuilt in the browser.
    • E-Mail Security
      • Always use strong password for your email account.
      • Always use Anti-Spyware software to scan e-mails for spam.
      • Always scan e-mail attachments with the latest updated Anti-Virus and Anti-Spyware software before opening them.
      • Always remember to empty the Spam folder.
      • Do not open mail attachments from unknown/suspicious senders. Do not click on any links provided in such mails.
      • Do not provide your personal and private information in any email.
      • It is always better to have a third-party phishing and spam filter add-on/software.
      • Have multiple email accounts. Your primary email account should be shared to a limited extent.
    • Password Security
      • Use a unique password for each of your important accounts like email. Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office – if a criminal gains access to one, all of them are compromised. So don’t use the same password for an online newsletter as you do for your email or bank account. It may be less convenient, but picking multiple passwords keeps you safer.
      • Use a long password made up of numbers, letters and symbols. The longer your password is, the harder it is to guess. So make your password long to help keep your information safe. Adding numbers, symbols and mixed-case letters makes it harder for would-be snoops or others to guess or crack your password. Please don’t use ‘123456’ or ‘password,’ and avoid using publicly available information like your phone number in your passwords.