Friday, February 10, 2012
Google  
Web voicendata.com
  RSS | Archive    
 Home > bpOrbit > COMMENT > Beware of Defrauders
  COMMENT
Beware of Defrauders
While the instances of phishing seem to have reduced, the banking industry is staring at another menace called 'Vhishing' by defrauders. How to deal with them?
Wednesday, February 07, 2007
Print Comment Email DiggDigg DeliciousDel.icio.us RedittReddit

The Indian banking industry especially the top private banks has kept pace with the use of technology in banking, matching the best of facilities that international banks offer. This includes providing top of the line Internet, phone banking and, of course, 24/7 customer care support. However, much like the many international banks, Indian banks have also been victims of organized crime like defrauding. There have been several instances of phishing"-wherein emails purportedly from your bank ask you to enter/update sensitive account information. With much awareness campaigns through media from the banks, the instances of phishing seem to have reduced, but the banking industry might be staring at another more sophisticated form of phishing, known as 'Vhishing', short for voice-based-phishing.

What is Vhishing
First, to understand vhishing, let's go through the phone banking process. When you dial the phone banking number, you are put to an automated system backed by interactive voice response (IVR) technology. This is a technology that uses the data entered through the touch pad of telephones to interact with a database. There is a back-and-forth interaction between the database and the person entering the data and there is no human interaction involved except the user. The first step after dialing the number is to verify your identity. For this, the system asks for your ATM/debit card/credit card number and its corresponding PIN number. The numbers that you enter are matched against the banks' database and if you have entered the correct numbers, you go ahead and select the feature you require, say, 'cheque book request' through further interaction with the system.

As an anti-fraud professional, I can tell you that every fraud involves an element of deceit, and plays on the confidence of the user. Vhishing exploits a customer's confidence in the IVR system. With the help of VoIP technology, the scamsters setup similar automated systems with much the same messages and 'flow' of the recorded messages of the real bank's automated systems. They may, though, introduce few more questions asking for sensitive information that a real bank may not.

There are two variations to this scam: either you are asked to call a specific number, or you get a phone call on your number. In case of the first variation, you get an email, again, purportedly from the bank with text like: "After three unsuccessful attempts to access your account, your online profile has been locked. This has been done to secure your accounts and to protect your private information. Please verify your account and your identity using our automated account verification number. Call our toll free number...and follow the instruction." Further, they even play it up by advising you, "please don't send any information through email as it is an insecure medium of communication". On dialing the said number, you get the standard "Welcome to ABC Bank..."And, of course, by the end of the call, you have handed over your bank account to the scamster!

Vhishing is a serious threat not only to the customers, but also to consumer perception and confidence when it comes to using phone banking facilities

In the second variation, the customer gets a call on his phone number and a recorded message is played assuring him that the caller is from a bank and the call is to verify the identity of the customer. After this message, the customer is directed immediately to the automated voice response system.

This is a serious threat not only to the customers, but also to consumer perception and confidence when it comes to using phone banking facilities.

The Way Out
So, how do we deal with this? One easy way is to visit the bank's 'contact us' page and verify the phone numbers. However, even this may not be fool proof as there are caller-ID spoofing devices that mask the real number and allow the scamster to display a fake number. So I will give you a simple tip: enter the wrong pin number when asked for. A genuine system would already have your PIN in the database, and would say incorrect PIN, but a fake one would not.

Pradeep Akkunoor
The author is director, Indiaforensic Consultancy Services, a forensic accounting and fraud investigations firm that helps BPOs and IT firms manage their fraud risk. He can be reached at pradeep@indiaforensic.com

Page(s)   1  

Print Comment Email DiggDigg DeliciousDel.icio.us RedittReddit
Mobile Tips for the IT industry
Idiot Box Adds Options
NextGen Net
 

Subscribe to our Newsletter
Name:
Email Address:




 

Current Issue
Click here to book your copy now






Your Opinion Matters

Does cloud computing cast a cloud on the future of IT professionals?

Is your Accounts Payable Solution working for you? Think Again…

   CIOL Services
IT News | IT Jobs | IT Outsourcing | IT Shopping
 



  For Voice&Data Print Subscription
  [ Magazine Subscription ]  [ Contact Info ]  [ Media Kit ]
 
Other CyberMedia web sites
[Dataquest]  [PCQuest]  [CIOL]  [Living Digital]  [CMR India]
[DQ Channels]  [The DQweek]  [CyberMedia Events]
[CyberMedia Digital]  [Cyber Astro]  [CyberMedia India]
[Global Services]  [BioSpectrum]  [BioSpectrum Asia]  [DARE]
[Computer Shopper]   [College Buying Guide]   [Technology Review

CyberMedia India Ltd

 
  Copyright © CMIL. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
Usage of this web site is subject to terms and conditions.
Broken links? Problems with site? Send email to webmaster@ciol.com