Mobile Banking Safety Tips & Measures
Mobile Banking Safety Tips
With Mobile Banking, your banking and financial transactions are at your fingertips.
Here are some precautions for safe and secure mobile banking:
- Set up a PIN/password to access the handset menu on your mobile phone
- Register/ update your mobile number and e-mail ID for alerts to keep track of your banking transactions.
- Delete junk messages and chain messages regularly
- Pay attention while accessing any URL
- Do not browse untrusted websites or follow untrusted links, and exercise caution while clicking on links provided in unsolicited emails and SMSs.
- Only click on URLs that clearly indicate the website domain. Do extensive research before clicking on a link provided in a message. When in doubt, you can search for the organization’s website directly using search engines to ensure that the websites you visit are legitimate.
- Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. You are advised to hover the cursor over shortened URLs (if possible) to see the full website domain, or use a URL checker that will allow you to enter a short URL and view the full URL. You can also use the shortening service's preview feature to see a preview of the full URL.
- There are many websites that allow anyone to run a search based on a phone number and see any related information about whether or not a number is legitimate.
- If you have to share your mobile with anyone else or send it for repair/maintenance:
  - Clear the browsing history
  - Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information
  - Block your mobile banking applications by contacting your bank. You can unblock them when you get the mobile back
- Do not save confidential information such as your debit/credit card numbers, CVV numbers or PINs on your mobile phone
- Do not part with confidential information received from your bank on your mobile
- Install an effective mobile anti-malware/anti-virus software on your smartphone and keep it updated
- Keep your mobile's operating system and applications, including the browser, updated with the latest security patches and upgrades
- Password-protect your mobile device to protect against unauthorised access. Set up a PIN/password that is difficult to crack
- Do not enable auto-fill or save user IDs or passwords for mobile banking online
- If possible, maximise the security features by enabling encryption, remote wipe and location tracking on the device
- Never leave your mobile phone unattended
- Turn off wireless device services such as Wi-Fi, Bluetooth and GPS when they are not being used. Bluetooth can be set to invisible mode
- Avoid using unsecured Wi-Fi, public or shared networks
- Do not use "jailbroken" or "rooted" devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone's built-in operating system to control it outside the vendor's original intention) exposes the device to additional malware and grants administrative or privileged access to the OS
- Only download apps from official app stores such as Apple iTunes, Android Marketplace, Google Play Store and BlackBerry App World
- Never disclose personal information or online banking credentials via e-mail or text message as these can be used for identity theft
- Log out from online mobile banking or application as soon as you have completed your transactions. Also make sure you close that window
- Be aware of shoulder surfers. Be extra careful while typing confidential information such as your account details and password on your mobile in public places
- In case you lose your mobile phone, please call our 24-hour Customer Care to disable the iMobile application
- Always check your bank or service provider’s website for Customer Care numbers or e-mail IDs. Genuine SMS messages received from banks usually contain a sender ID (consisting of the bank’s short name) instead of a phone number in the sender information field. (Fraudsters/scammers manipulate caller ID apps and search engines to list themselves as toll-free numbers. They then gain your trust and extract sensitive information like OTPs, passwords, or credit card details.)
- Look out for valid encryption certificates by checking for the green lock in the browser's address bar, before providing any sensitive information such as personal particulars or account login details.
- Never download and install applications from untrusted sources. Install apps downloaded from a reputed application market.
- Always verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
- In settings, never enable installation of apps from “untrusted sources”.
- Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications.
Fraud related to UPI payment/Payment wallets
- Request money fraud: Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money’, ‘Payment successful receive Rs XXXXX’ etc. You need to enter your PIN only for sending money.
  - Do not 'Pay' or enter your UPI PIN to receive money
  - Do not transfer funds without knowing to whom you are transferring. Ensure due diligence
- QR code fraud: Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. Once the QR code is scanned on the mobile, all the banking credentials get shared with the fraudsters. QR code scanning is like granting banking controls to the fraudsters. A QR code needs to be scanned only to make payments.
  - Never scan a QR code for receiving payments
  - Never share your UPI wallet PIN or card details like PIN, One-Time Password (OTP), CVV, expiry date, grid value or type of card (Visa, Mastercard, Rupay, etc.) with anyone, even if the person claims to be from the bank.
- Remote access app: Fraudsters lure customers into downloading screen sharing/remote access apps like ‘Screenshare’, ‘AnyDesk’, ‘TeamViewer’, etc. from the Play Store or App Store. There are more apps similar to these that provide remote access to a device to other users. These apps are not malware, but they do grant a third party access to your mobile data. Once the app is downloaded, a 9 or 10-digit number (app code) is generated on the customer's mobile/device, which the fraudster asks the customer to share. Once the fraudster enters this 9-digit app code on his/her device, s/he asks the customer to grant certain permissions, similar to those required while using other apps. After this, the fraudster gains access to the customer’s device. Then the customer shares the mobile app credentials, and the fraudster can carry out transactions through the mobile app already installed on the customer’s device.
  - Never download third-party apps such as Screenshare, AnyDesk, TeamViewer, etc. based on a call request from an unknown person, even if the caller claims to be from the bank or wallet company
  - Never download any application/UPI app/payment wallet recommended/requested by any unknown person
- Social media/impersonation fraud: Fraudsters track complaints on social media and share fake contacts, or impersonate bankers or RBI officials in response to a post and ask for confidential information which no banker is supposed to ask for.
  - Do not search for helpline numbers on Google, Facebook or Twitter. Instead, check the official website.
- SIM swap fraud: Fraudsters manage to get a duplicate SIM which provides them access to one-time passwords. They do this by pretending to be from a mobile company and asking you to forward an SMS containing the SIM card number to activate the duplicate SIM.
  - Do not respond to texts or e-mails from unknown addresses asking you to click on links.
Some general safety tips to be remembered:
- A fraudster might ask you to do a legitimate small-value transaction after screen sharing; this is to learn your UPI PIN or debit card details. Disconnect the call immediately.
- Ensure no one is looking at your screen or noticing your finger movement to know your PIN. In case of remote access, the fraudster will be able to view the numbers/buttons/links being clicked.
Rogue Banking Apps
- Rogue banking apps are illegitimate or “look alike” banking apps with embedded malware with an intention to steal sensitive/critical data or banking credentials. These may be generally available online as freeware
- Cyber criminals are known to imitate legitimate versions of apps and embed them with mobile malware – an act called Trojanizing. These malicious apps are designed to look like real mobile banking apps. Cybercriminals use different tricks like using the same images and icons and closely imitating the publisher’s name
- Some rogue mobile apps may come with well-written legal terms, usually highlighting the fact that the app may charge you. Even if these legal terms make the app seem legitimate, it's best to read them carefully
- A rogue app can drain your phone battery really fast, so a battery that frequently runs low might be a sign of infection with malware or a virus
- Check your phone bill periodically and keep tabs on any suspicious activity. If you spot unusual activity in your phone or in your bill, contact your mobile network provider
- Check the app’s download page for inconsistencies or misspellings. Those are tell-tale signs of a fake
- Mobile malware can not only steal information, but can also take full control of your mobile device’s functions. Once users access these apps, they unwittingly give out their account information. Some of the impacts of rogue apps may be:
  - Configure your updates
  - Steal passwords, certificates, etc.
  - E-mail screenshots
  - Perform financial transactions on behalf of user/perform financial frauds
  - SMS forwarding, call blocking, ping different applications, reduce battery life and many more
- Before downloading a new app, always check its reviews and ratings from other customers who have used the app, and check the publisher, which should be ICICI Bank Ltd only
- Take a minute or two to read the app description. This is often where you can distinguish between a real and a fake app. Fake apps usually contain an irrelevant description or no description of the app's functionality, and are often described with spelling errors
- Check for the app’s permissions before installing them
- It’s advisable to download ICICI Mobile Banking apps only from the following app stores, as only they are authorised to host ICICI Bank apps:
  - Android Play store
  - Apple iOS App store
  - Nokia OVI store
  - Nokia Android store
  - Blackberry store
  - Windows phone app store
  - Windows desktop app store
  - Amazon Android app store
- All legitimate apps of ICICI Bank published on these stores are through the single developer ID i.e. ICICI Bank Ltd
- No other appstores are authorised to carry apps developed by ICICI Bank. Also, no developer other than ICICI Bank is authorised to release/host apps on the above stores
- The rogue app should be removed from the device immediately once identified. To remove the rogue app, navigate through the apps hosted on the device and select the rogue app you want to uninstall. Restart the device after uninstallation
- The device would be free from the rogue app threat once it is uninstalled. However, we recommend changing the credentials/passwords of the accounts registered on the device (online banking/shopping credentials, device authentication, folder lock or email passwords, etc.) after uninstalling the rogue app, as such apps gain full access to the device's functions until uninstalled
- It is recommended to buy and install a reputed mobile antivirus to minimise the possibility of having your device infected with malware, including rogueware