Online Fraud Helpline

Most victim compensation programs do not cover the money lost to fraud or fraudulent schemes. You must check for your specific state laws regarding victim compensation. Civil justice may be the only legal option to recover lost money.

Financial fraud happens when someone deprives you of your money or otherwise harms your financial health through misleading, deceptive, or other illegal practices. This can be done through a variety of methods such as identity theft or investment fraud.

Online Fraud

Consumers aren’t the only ones at risk of online fraud. From recent data breaches at major retailers to increasing incidents of fraudulent emails, businesses are increasingly at risk of email and online fraud.  Many online safety precautions that apply to consumers can also protect businesses.

Types of Online Fraud

This topic explains the following types of online fraud:

• Phishing
• Vishing
• Hijacking
• Malware and Botnets

Phishing

“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential, financial, or personal information like passwords, account numbers, or transaction information.

The most common type of phishing is an email threatening some dire consequence if you do not immediately log in and take action.

You should never respond or reply to email that:

• Requires you to enter organizational or personal information directly into the email or submit that information some other way
• Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company
• Solicits your participation in a survey where you are asked to enter personal information
• States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information
• States that there are unauthorized transactions on your account(s) and requests your account information
• Asks you to enter your User ID, password, or account numbers into an email or non-secure website
• Asks you to confirm, verify, or refresh your account information
• Directs you to a screen that asks you to provide additional data beyond your normal login information
• Asks you to validate account information for banking systems you do not use

Vishing

Phishing scams can have a phone connection. First, it was “phishing,” where criminals send email by the thousands in hopes of tricking unsuspecting users into sharing confidential information.

Now, there is “vishing.” In this latest twist, fraudsters use a telephone number in the phishing email instead. If you call, a person or an automated response system will ask for your personal or account information.

When you call J.P. Morgan, only call the phone numbers we have provided directly to you during your program implementation.

REMINDER: J.P. Morgan will never ask you for your password.

Hijacking

Hijacking is a type of network security attack in which the attacker takes control of a communication, just as an airplane hijacker takes control of a flight, between two entities and masquerades as one of them. Hijack attacks may be used simply to gain access to information or the attacker may pose as that user and do anything the user is authorized to do on the network (i.e., move money).

If you are not able to successfully access PaymentNet during normal business hours and you receive one of the responses below, you should immediately contact your program administrator and then call your J.P. Morgan Customer Service representative or Client Application Support:

• A message that the system is down for maintenance (especially during normal business hours) that is not consistent with the pre-advised extended outage Alerts
• You receive a blank screen, instead of the PaymentNet home screen
• The PaymentNet home screen does not look normal (options are missing)
• The PaymentNet Log In screen appears repeatedly and requests that you log in again

Malware and Botnets

Recent developments in the area of cyber security point to a sharp increase in the number and complexity of online security attacks. These attacks are of particular concern because they can target users of financial applications at large banking institutions such as J.P. Morgan.

One of the most common of these attacks injects malicious software, known as “malware” onto a user’s machine. The malware is then able to “enslave” the machine as part of a network of “robot” computers. A network of robot computers is referred to as a “botnet.”

The use of malware distributed via botnet allows fraudsters to override existing security methods as well as harvest highly sensitive data and security credentials and possibly perform fraudulent transactions.

Malware or a Botnet can:

• Record all keystrokes entered via the user’s keyboard, including all passwords, User IDs, account numbers, Social Security Numbers, and so forth. This is called key stroke logging and is a common feature of malware exploits.
• Forward this confidential information back to a central fraud database for use immediately, a later time, or to be sold to another fraudster for a profit.
• Allow a fraudster to take direct control of a user’s machine and all of the applications without presenting security credentials to gain access.
• Enslave the user’s machine within the botnet, allowing the fraudster to launch subsequent security attacks from the machine, which helps the fraudster avoid detection by law enforcement.

Types of Financial Crimes

1. Identity Theft Someone steals your personal financial information, such as credit card number or bank account number, to make fraudulent withdrawals from your account. Sometimes people will use the information to open credit or bank accounts and leave the victim liable for all the charges. Identity theft may lead to damaged credit rating, bounced checks/denied payments, and being pursued by collection agencies.
2. Investment Fraud This type includes selling investments or securities with false, misleading information. It could be false promises, hiding facts, and insider trading tips.
3. Mortgage and Lending Fraud A third-party may open a mortgage or loan using your information or using false information. In another case, lenders may sell mortgage or loans with inaccurate information, deceptive practices, and other high pressure sales tactics.
4. Mass Marketing Fraud The fraud is committed through mass mailings, telephone calls, or spam emails. It also includes fake checks, charities, lotteries, honor society invitations, and more. These modes are used to steal personal financial information or to raise contributions to fraudulent organisations.

The best way to avoid falling victim to malware attacks is to practice good computer hygiene by following the recommended security best practices for PaymentNet users described here.

Helpline to Curb Online Fraud

After the success of a pilot project, the Bengaluru police have launched a helpline, the Cybercrime Incident Report (CIR) system, to address online fraud complaints. Bengaluru Police commissioner Kamal Pant explained that as per the new initiative, launched in the first week of April, any victim of online financial fraud can lodge a complaint by calling a police helpline number. “Based on the information provided by complainants, the police will work with the Reserve Bank of India (RBI) and freeze the account to which the money has been transferred,” he said.

According to National Crime Records Bureau data, in 2019, Bengaluru recorded the highest number of cybercrimes among all metro cities in India with 10,668 cases. The city closest to Bengaluru was Mumbai, which reported 1,482 cybercrimes that year.

Among the cybercrimes in the city, phishing, smishing and vishing have been a big concern for both citizens and the police. According to experts, phishing is a type of financial fraud where criminals defraud, dupe or mislead people through email. The number of phishing emails have risen in the past few years and have got a lot more sophisticated, experts said. ‘Vishing’ is over-the-phone phishing, where scammers try to persuade people to share information by posing as bank staff or other financial service employees. ‘Smishing’ is SMS phishing where text messages are sent trying to encourage people to pay money out or click on suspicious links.

In the current system, if a person loses their money in an online fraud or phishing, they have to approach a police station or one of the dedicated cybercrime police stations in the city. This is a time-consuming process and any delay in such cases could make the recovery of the money difficult, experts added.

A pilot project was launched in the last week of December 2020, which was deemed success by the Bengaluru police, which received around 20 calls per day. “Our aim is to make the process of lodging a complaint people friendly. Such system is being introduced for the time in the country,” said the police commissioner.

Explaining how the new system works, deputy commissioner of police, command centre, Isha Pant said a victim of online financial fraud has to call 112 and raise a complaint, giving available details. “This is registered as a Cybercrime Incident Report (CIR). This is not a First Information Report (FIR) but a CIR. The details are then given to cybercrime investigators, a team dedicated to this process, operating out of the police command centre. They network with banks and RBI and freeze accounts following an investigation,” she said. She added that the cybercrime investigators have received training in handling such cases and they would make use of the mobile number from which the victim got a call or the details of the bank to which to money was transferred.

“RBI already has a Standard Operating Procedure for such frauds or the project. As per that, it is very important that the complaint is lodged within 2 hours of the fraud. RBI calls this the golden hour because it is the time available before this money is transferred or withdrawn,” the officer added.

A CIR is not an official complaint. In case the money is retrieved by the police, in order to get it back, the victim should lodge an FIR. “The FIR is an official complaint. CIR is part of the process to fast track the investigation. Once the money is retrieved, it can be given to the victim through a court order,” Pant added.

So far, Bengaluru Police have five dedicated lines for cybercrimes and 20 cybercrime investigators working in three shifts, which is expected to be expanded over the coming months, said an officer.

In 2019, Bengaluru recorded the maximum 10,668 cybercrime cases, followed by Mumbai with 1,482, Lucknow (962), Hyderabad (428) and Jaipur (415). In Bengaluru, the number of cases showed a 91.51% increase in a year from 2,743 in 2017 to 5,253 in 2018, as per NCRB data.