Types of Banking Frauds

a) Phishing

Phishing is an attempt by fraudsters to 'fish' for your banking details. A phishing attempt usually is in the form of an e-mail that appears to be from a legitimate source such as the Bank. The e-mail usually encourages you to click on a link that takes you to a fraudulent login page designed to capture your details.

E-mail addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive an e-mail that appears to be from the Bank, it does not mean that your e-mail address, name, or any other information has been provided from our systems.

How The Fraudsters Operate?

1. Fraudsters will send fake e-mails claiming that your information has been compromised, due to which the Bank account has been deactivated/suspended, and ask you to confirm the authenticity of your information/transaction(s) like credit card number, personal identification number (PIN), passwords or personal information, such as mother's maiden name. In order to prompt a response, such e-mails usually resort to using statements that convey an urgent or threatening condition concerning your account.
2. While some e-mails are easy to identify as fraudulent, others may appear to be from a legitimate source. However, you should not rely on the name or address in the ”From“ field alone, as this can be easily duplicated.
3. Very often, such phishing e-mails may contain spelling mistakes. Even the links to the counterfeit websites may contain URLs with spelling mistakes, to take you to a fake website which appears like that of the Bank.
4. Some fake e-mails promise a prize or gift certificate in exchange for you completing a survey and/or answering a few questions. In order to collect the alleged prize, you may be asked to provide your personal information.
5. Some fake e-mails appear to be sent by companies to offer a job. These are often for work-at-home positions and are actually schemes that victimize both the job applicant and other customers. Fake e-mails may direct you to counterfeit websites carefully designed to look real. Hence such websites may look very similar and familiar to you, but are in fact used to collect personal information for illegal use.
6. Such e-mails attempt to convey a sense of urgency or threat. Example: ”Your account will be closed or temporarily suspended if you don't respond.” Or, ”You'll be charged a fee if you don't respond.

Tips To Protect Yourself From Phishing

1. The Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, you should not respond.
2. Whenever you use a link to access a website, be sure to check for the URL of the website and compare it with the original. We recommend that you type in the URL yourself whenever you access www.icicibank.ca or bookmark/store the URL in your list of 'Favorites'.
3. Delete suspicious e-mails without opening them. If you happen to open them, do not click any link or attachment they may contain.
4. If you receive a job offer via e-mail, ensure that it's from a genuine and reputed company.

b) Spoofing

Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even codes of the actual websites. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.

How Do The Fraudsters Operate?

Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information. This is done with the intention of obtaining sensitive account related information like your Internet Banking user ID, password, PIN, payment card / bank account number, card verification value (CVV) number, etc.

Tips To Protect Yourself From Spoofed Websites

1. The Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, you should not respond.
2. Check for the Padlock icon: There is a de facto standard among web browsers to display a Padlock icon somewhere in the window of the browser. For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site's security. It is important for you to check to whom this certificate has been issued, because some fraudulent websites may have a padlock icon to imitate the Padlock icon of the browser.
3. Check the webpage’s URL. When browsing the web, the URLs (web page addresses) begin with the letters "http". However, over a secure connection, the address displayed should begin with "https" - note the "s" at the end.

For example: Our home page address is http://www.icicibank.ca. Here the URL begins with "http" meaning this page is not secure. Click the tab under "Login". The URL now begins with "https”, meaning the username and password typed in will be encrypted before being sent to our server.

a) Vishing

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters pretend to represent real companies such as the Bank in an attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

How The Fraudsters Operate?

A typical vishing attack could follow a sequence such as this:

1. The fraudster sets up an automatic dialler, which uses a modem to call all the phone numbers in a region.
2. When the phone is answered, an automated recording is played to alert the customer that his/her payment card has had illegal activity and that the customer should proceed with the call in order to correct the issue. Normally it will ask the customer to stay on the line or request they select an option or call the recorded phone number immediately.
3. When the customer chooses to proceed with the call, a computer-generated voice or live individual will tell the customer they have reached 'account verification' and instructs the customer to enter or tell their personal and financial information. A visher may not have any real information about the customer and would address the customer as 'Sir' and 'Madam' and not by name or the prefix 'Mr....' or 'Ms...'.
4. On the call the visher may obtain details such as payment card number and PIN, expiry date, date of birth, bank account number, etc.
5. Once a customer provides the requested information, the "visher" has all of the information necessary to proceed with fraud.

Tips To Protect Yourself From Vishing

1. The Bank would have knowledge of some of your personal details. Be suspicious of any caller who appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to the Bank
2. Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your payment card or bank account.
3. When a telephone number is given, you should first call the phone number on the back of your payment card or on the bank statement to verify whether the given number actually belongs to the Bank.

a) Skimming

Skimming is a method used by fraudsters to capture information from your payment card to be used later to conduct fraudulent transaction(s).

Fraudsters perpetuate this type of fraud by capturing your payment card information by way of a copying device normally known as a skimmer. The captured information will then either be stored within the device or transmitted to a designated computer to be used later for fraudulent activities.

Tips To Protect Yourself From Skimming

1. Be alert - keep your card in your sight at all times during transactions to ensure your card is not swiped through a foreign device.
2. Protect your PIN - shield the keypad when you enter your PIN at an ATM or point-of -sale terminal.
3. Check your receipts - ensure they display the correct amount, date, time.
4. Review statements regularly - report unauthorized transactions to the Bank immediately.

b) Telemarketing offers and promotions

From time to time, many companies will offer promotional items online whereas it would appear that the offers are free. What many do not realize is that within the terms and conditions stipulate upon signing up for the offer they have agreed to continue services from the company which come with a cost or have automatically been enrolled in a monthly service. These hidden costs are something that can catch a payment card holder off guard once charges start impacting their accounts.

Tips to protect yourself from telemarketing offers and promotions

1. Ensure you understand what you are signing up for by reading the terms and conditions or disclaimers.
2. Allow time to do your homework. Don't invest or buy a product or service without fully understanding what it is and verifying whether it is legitimate. Never provide your payment card or account number when prompted.
3. If you come to learn that the promotional offer contains unwanted add on then proceed to contact the merchant to cancel immediately. If no resolution is made after the attempt, immediately contact the Bank.

c) Lost/Stolen Card – Unauthorized transactions

The unfortunate reality is that you can have your payment card stolen, misplaced or lost which might lead to unauthorized activity. These unauthorized transactions can be in the form of an ABM, point of sale or online transaction.

Steps to be taken once you realize your payment card has been stolen.

1. Contact the Bank immediately by way of attending a branch or calling the call centre at 1-888-424-2422 to report your payment card lost/stolen.
2. Review your account to ensure there are no unauthorized transactions. If found, report immediately to the Bank.

Tips to protect yourself from unauthorized transactions as a result of losing or having your payment card stolen.

1. Never write down your PIN number.
2. Always cover the keypad when completing your transaction.
3. Always be aware of your surroundings.
4. Try not to use the same pin number for different payment cards.

Cheque fraud is a criminal act that involves the misrepresentation of a negotiable item such as a personal/business cheque, draft or money order.

Many people still receive cheques in the form of payments for a variety of reasons. Unfortunately, there will be times when a cheque will be presented and deposited which turn out to be fraudulent without the receiver’s knowledge. This could be from the sale of an asset in which the buyer has paid by way of a cheque or rent payments.

Two of the most common types of cheque fraud are counterfeit or altered cheques.

Counterfeit cheque - A cheque that has been copied or made to look like the original cheque.

Altered cheque - An original cheque that has unauthorized changes made to it such as the altered amount or payee.

Tips To Protect Yourself from Cheque Fraud.

1. Do not deposit third party cheques from individuals not known to you.
2. If there are apparent damages or possible signs of tampering on a cheque, request a new cheque.
3. If you come to learn that a cheque is fraudulent and you have deposited it into your account, report the matter to the Bank immediately.

Scams

Many individuals fall victim to cheque fraud by way of scams. These scams are set up where the victim is targeted and persuaded to perform actions that would compromise their bank account. In many instances, the same method is used by a scammer in which a fraudulent cheque is mailed to the victim’s attention with instructions to deposit the cheque into their account and withdraw all funds. Once the cheque has been identified to be fraudulent, and if the funds are withdrawn or moved, the victim maybe held liable.

Tips to Protect Yourself from Scams

1. Never conduct financial activity on behalf of a supposed employer or company when asked.
2. When receiving payments in form of cheques, be cautious of overpayments and requests to return funds.
3. Never accept cheques from unknown sources or deposit on behalf of a third party.
4. Conduct due diligence on the sender of the item such as verify the authenticity of the company or person.