Do not trust any incoming phone calls or mails that ask you to install any file or programme, warns Niranjan Upadhye, general manager-fraud risk management, Worldline India.
Over the years, we have seen people transforming their shopping habits from brick-and-mortar merchants to those who are providing Internet-based payment services during prolonged lockdowns caused by COVID-19.
And this is not only limited to essential commodities and daily provisions, but also for discretionary items and luxuries, including entertainment, electronics and white/ brown goods etc.
A whole new set of consumers who were hesitant to shop online have started using their cards, e-wallets, UPI apps and other ways to remotely effect payments and transactions electronically.
As humans, we are wired to indulge, have fun and soak ourselves in celebrations, events and festivals.
The retail therapy, whether indulged in the physical world, or virtual, has been proven by scientists and psychologists that it brings a sense of joy and contentment.
It may be true that especially during the festive season; people tend to let down their guard. That is when some of us become victims of frauds.
Here's a quick primer on the top six things that you should bear in mind while effecting online payment this festive season, and even otherwise, to prevent your joy from turning sour.
1. Beware of spurious Web sites
Fraudsters construct Web sites by misusing reputed brand names and lure victims to get their card and banking details.
A costly phone or a laptop could be advertised and be available at 40% to 50% discount on a less popular or new e-commerce Web site.
Desperate consumers are advised to first check the authenticity of such Web sites.
Here's how one can do that.
One can check whether the Web site begin with 'https://' (It means the Web site has a security certificate).
Many fraudulent and temporary Web sites are hosted on domain registrar and web hosting companies, which, by the way are legitimate companies. However, there are a few different levels of validation, some of which are easier to get through than others.
The lowest level of validation, Domain Validation (DV), will just validate ownership of the domain and not the legitimacy of the organisation requesting the certificate.
In other words, if you bought the domain 'amaz0ne.in' and requested a certificate for it, you would get the certificate because you own the domain.
The highest level of validation, Extended Validation (EV), is the safest and most extensive.
With Extended Validation the company requesting the certificate has to prove their identity as well as their legitimacy as a business. You can tell if a site has an EV certificate by looking at the address bar.
Browsers show a green address bar with a lock icon for Web sites with EV certificates. Therefore, if someone succeeds in hosting a fraudulent Web site, for example, www.Amaz0ne.in (note the zero -- '0' instead of letter 'o' -- the slight change in spelling) with SSL, it wouldn't have an EV SLL certificate.
Only the legitimate owner Amazon would be qualified to be EV SSL certified.
2. Do not click on embedded links in messages or mails
If you click on the genuine-appearing hyperlink within a message, it may still take you to a fraudulent Web site.
Just the way one should never judge a book by its cover, one must always type in carefully the name of the shopping portal in the browser, and not click any hyperlink including shortened links that promise to land you at the merchant portal.
3. Beware of Search Engine listing frauds
Never trust the contact details of any shop or business on the Internet search engine.
By using clever and shady methodologies, fraudsters can cause the search results of fictitious, duplicate, Web sites to appear at the top of your search.
These manipulated results of businesses lists the phone numbers and e-mail IDs controlled by fraudsters, and make it appear as if they are legitimate business of banks, insurance companies, supermarkets, wine shops etc.
If customers call or write to such entities, it is most likely that they may be interacting with fraudsters.
Under the guise of 'validating' customers, criminals can, in a piecemeal manner get all the information that they need to take over your card/wallet/account to bleed you dry.
Always call a number published on the Web site of your genuine service provider or write to their known and declared customer service e-mail ID, when initiating a communication.
Never give out card/account information and Card Security codes/ OTPs to anyone.
4. Protect yourself from Malware
If devices are infected with malware, it can intercept anything that is sent out by users like card or personal information, or that is received by users such as OTPs and e-mails.
It is advisable to install a paid, reputed, anti-malware in your devices and keep the protection current. This filters and keeps out intrusions into your computer or mobile device.
5. UPI Collect frauds
Under the guise of sending or refunding some amount, crediting a prize, a cashback or validating identity, criminals can send a 'UPI Collect' request or a QR barcode to scan, and ask users to validate with their PIN in UPI App.
Remember, an incoming UPI payment does not need you to type in your PIN. If someone is asking you to do that, you are being conned.
6. Interface Emulation Customer Support Fraud
Under the ruse of validating KYC details, criminals get their victims to install a software that emulates their desktop or device screen on their own system, effectively taking control of the customer's credentials and transaction environment.
They may confuse users or scare them to share their screen by assuring them with consequences that their wallets, accounts would be blocked if not obliged.
Users are advised to not trust any incoming phone calls or mails that ask you to install any file or programme.
If in doubt, call the customer support number of your bank that is published and well known to check out the matter.
Understanding and following these basic tenets of the online shopping and transactions will help customers retain their hard-earned money.
Remember to deal with reputed Web sites and portals only.
It may not offer you the deep discounts as compared with some unknown portals, but at least you can be assured of receiving genuine products and good customer support should you ever need it.