Mobile Banking Safety Tips & Measures

1. Request money fraud: Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money’, ‘Payment successful receive Rs XXXXX’ etc. You need to enter PIN only for sending money.

   Safety tip:

   • Do not 'Pay' or enter your UPI PIN to receive money
   • Do not transfer funds without knowing to whom you are transferring. Ensure due diligence
2. QR code fraud: Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. Once the QR code is scanned on the mobile, all the banking credentials gets shared with the fraudsters. QR code scanning is like granting banking controls to the fraudsters. QR code needs to be scanned only to make payments.

   Safety tip:

   • Never scan QR code for receiving payments
   • Never share your UPI wallets PIN, card details like PIN, One-Time Password (OTP), CVV, expiry date, grid value, types of card (Visa, Mastercard, Rupay, etc.) to anyone even if the person claims to be from bank.
3. Remote access app: Fraudsters lure the customers to download screen sharing/remote access apps like ’Screenshare’, 'AnyDesk', ‘Team Viewer’, etc. from Play Store or App Store. There are more apps similar to these apps that help in providing remote access of device to other users. These apps are not malware, but they do grant access of your mobile data to the third party. Once the app is downloaded, a 9 or 10-digit number (app code) gets generated on customer's mobile/ device which the fraudster would ask the customer to share. Once the fraudster inserts this 9-digit app code on his/her device, then s/he would ask the customer to grant certain permissions which are similar to what are required while using other apps. Post this, the fraudster will gain access to the customer’s device. Then, the customer shares the mobile app credentials and the fraudster can do the transaction through the mobile app which is already installed on the customer’s device.

   Safety tip:

   • Never download third-party apps such as Screenshare, Anydesk, Teamviewer, etc. based on call request from unknown person even if caller claims to be from Bank or wallet company
   • Never download any application/ UPI app/ payment wallet recommended/ requested by any unknown person
4. Social media/impersonation fraud: Fraudsters track complaints in social media and share fake contacts or impersonate bankers or RBI officials in response to a post and ask for confidential information which no banker is supposed to ask for.

   Safety tip:

   • Do not search for helpline numbers on Google, Facebook, Twitter. Instead, check the official website.
5. SIM swap fraud: Fraudsters manage to get a duplicate SIM which provides them access to one-time passwords. They do this by pretending to be from a mobile company and asking you to forward an SMS containing the SIM card number to activate the duplicate SIM.

   Safety tip:

   • Do not respond to texts, e-mails from unknown addresses to click on links.

Need to add these 2 safety tips along with other tips.

Some general safety tips to be remembered:

• Fraudster might ask you to do a legitimate small value transaction after screen sharing, this is to know your UPI PIN or Debit Card details. Disconnect the call immediately.
• Ensure no one is looking at your screen or noticing your finger movement to know your PIN. In case of remote access, the fraudster will be able to view the numbers/buttons/links being clicked.

• Rogue banking apps are illegitimate or “look alike” banking apps with embedded malware with an intention to steal sensitive/critical data or banking credentials. These may be generally available online as freeware
• Cyber criminals are known to imitate legitimate versions of apps and embed them with mobile malware – an act called Trojanizing. These malicious apps are designed to look like real mobile banking apps. Cybercriminals use different tricks like using the same images and icons and closely imitating the publisher’s name

• Some rogue mobile apps may come with well-written legal terms usually highlighting the fact that the app may charge you. Even if these legal terms make the app seem legit, its best you read them carefully
• The rogue app can drain your phone battery really fast. So battery running low frequently might be a sign of infection with malware or virus
• Check your phone bill periodically and keep tabs on any suspicious activity. If you spot unusual activity in your phone or in your bill, contact your mobile network provider
• Check the app’s download page for inconsistencies or misspellings. Those are tell-tale signs of a fake

• Mobile malware can not only steal information, but can also take full control of your mobile device’s functions. Once users access these apps, they unwittingly give out their account information. Some of the impacts of rogue apps may be;
  - Configure your updates
  - Steal passwords, certificates, etc.
  - E-mail screenshots
  - Perform financial transactions on behalf of user/perform financial frauds
  - SMS forwarding, call blocking, ping different applications, reduce battery life and many more

• Before downloading a new app, always check its reviews and ratings from other customers that have used the app,  The publisher which should be ICICI Bank Ltd only
• Take a minute or two to read the app description. This is often where you can distinguish between a real and fake app. Usually fake apps contain irrelevant description/no description about the app functionality and often described with spell errors
• Check for the app’s permissions before installing them

• It’s advisable to download ICICI Mobile Banking apps only from the following app stores as only they are authorised to host ICICI Bank apps
  - Android Play store 
  - Apple iOS App store
  - Nokia OVI store
  - Nokia Android store
  - Blackberry store
  - Windows phone app store
  - Windows desktop app store
  - Amazon Android app store
• All legitimate apps of ICICI Bank published on these stores are through the single developer ID i.e. ICICI Bank Ltd
• No other appstores are authorised to carry apps developed by ICICI Bank. Also, no developer other than ICICI Bank is authorised to release/host apps on the above  stores

• The rogue app should immediately be removed from the device once identified. To remove the rogue app; navigate through the hosted apps on device and select the rogue app you want to uninstall. Restart the device after un-installation
• The device would be free from rogue app threat once uninstalled. But we recommend to change the credentials/passwords of the registered accounts (online banking/shopping credentials, device authentication, folder lock or email passwords, etc.) in the device post un-installation of the rogue app; as such apps gains full access of the device's function until uninstalled
• It is recommended to buy and install a reputed mobile antivirus to minimise the possibility of having your device infected with malware, including rogueware