Chennai: Saliha Jabeen, a Chennai-based corporate executive, was in for a surprise last month when around ₹20 lakh was credited into her account by her bank. Within a matter of a few minutes, almost ₹15 lakh of this went into multiple accounts. She did not know from where she got the money, and also where the three-fourth of it went away.
“Dear user, your bank account will be blocked at 09:30 pm today. Please update your PAN Card immediately on the bank app — This was the message I got from the leading private sector bank last month. I found that all my details were pre-filled in a form. Suspecting a malicious activity, I closed the app. But, I found that the OTP sent to my phone was also going to another number. Within a few minutes around ₹20 lakh was credited into my account from the bank,” Jabeen said, according to the First Information Report that was registered by the cybercrime cell of the Chennai police.
Jabeen immediately called the bank helpline. Before the bank executive could block the transactions from the account, around ₹15 lakh got transferred into multiple accounts.
The next day, Jabeen received an email from the bank informing her about the ₹20 lakh personal loan she had to repay.
While Jabeen’s bank account and phone were hacked, what was surprising for her was that the bank had approved a loan and credited the money only based on an online application without checking with her and without her physical signature.
Jabeen’s case is not an exception. In order to make approval to personal loans easy and quick, security aspects are often overlooked, making bank accounts and transactions vulnerable to hackers.
According to the Statista Research Department, in the financial year 2022, banking frauds in India amounted to ₹1.38 lakh crore. “When basic cyber hygiene is not robust, it leaves governments and organisations extremely vulnerable to cyberattacks,” said Srinivas Mukkamala, Chief Product Officer at Ivanti. “All organisations and governments must remain vigilant when shoring up their cyber defences.”
Securin Inc. and Ivanti in their latest report said that over 10 per cent of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption — a basic security protocol layer. Without the SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data.
