EMI moratorium fraud has been rising. (Representational image: Pixabay/Mohamed_Hasan)

Amidst the nationwide lockdown due to the COVID-19, RBI had granted three-month loan moratorium to borrowers, meaning they will not have to pay EMIs and other loans during this period. However, cybercriminals are using this information as bait to trick people.

Banks like SBI, Axis, ICICI and others are warning their customers to protect themselves against the EMI moratorium frauds. The scammers try to gain access to borrowers’ banking details as they request OTP or other forms of passwords claiming to help them postpone EMI payments.

“People receive calls from call centres asking them to share their bank account details to avail moratorium on their home loan EMI. The point to remember here is that no bank will ever call you upfront asking for your bank details like OTP, CVV, password or PIN, for providing a moratorium on the EMI,” Rajesh Kumar, Director Cybersecurity, Netrika Consulting told the indianexpress.com.

EMI moratorium option has been around for a long time but it has come to the forefront after RBI Circular amid the lockdown. Fraudsters are using the chance to trick borrowers who have confusion regarding the whole thing.

“Gullible people end up sharing their sensitive financial details and are made to click on links that immediately cost them money. Elderly and lesser-educated people are profiled by fraudsters as people who aren’t tech-savvy and take the decision in haste,” Kumar said.

Warning against such fraudulent practices, Kumar said bank customers should be aware and stay vigilant to stay safe. “One should be confident of whom they are talking to before sharing details or initiating any financial transaction,” he said.

He also advised being careful about the mode of the transaction while making a payment or providing consent with the password, OTPs, or other sensitive information.

People who have already shared their OTP/CVV/password/PIN with the fraudster, should immediately inform the bank through genuine published numbers or links, and request them to stop any related transaction if it is in progress.

“If using a URL for payment, re-verify it as there are malicious websites that appear very similar to the original one with an almost identical interface as the original one,” Kumar said.

What should be done if you have become a victim?

People who have already shared their OTP/CVV/password/PIN with the fraudster, should immediately inform the bank through genuine published numbers or links, and request them to stop any related transaction if it is in progress. Kumar recommends to lodge a formal complaint with the cyber cell of Police and in case they are unavailable or unreachable, report to the nearest police station.

Other scams that are floating at the moment

Ever since the pandemic started, fraudsters have managed to device countless methods based on the coronavirus and related news to scam unsuspecting users. A report published by Barracuda Networks claimed there has already been a steady increase in the number of COVID-19-related email attacks since January.

Between March 1 and March 23, Barracuda Sentinel, a monitoring platform infused with artificial intelligence, detected 467,825 spear-phishing email attacks out of which 9,116 detections were related to COVID-19.

Cybercriminals are even using the coronavirus scare for ransom. The old ‘dirty little secret’ sextortion campaigns have been tweaked to claim that they’ll infect the receiver’s family with coronavirus if they do not pay. Another report by Sophos Labs found that India is among the top 10 sextortion email source countries.

Recently, cybercriminals tried to install malware on smartphones by claiming that Jio and Facebook are offering free 25GB daily data for 6-months. They simply used the deal between Facebook and Reliance as a bait to make their claim sound authentic and threw in COVID-19 lockdown in the mix as well.

Meanwhile, fraudsters have also been found to have set up fake COVID-19 tracker dashboards to hack computers, putting up malicious coronavirus-related websites and apps, posing as WHO authorities to carrying out phishing attacks in the guise of giving coronavirus-related information, setting up fake COVID-19 fundraisers and more.