It has come to the notice of the Reserve Bank of India that unscrupulous elements are using various methods to defraud members of the public by using the name of RBI in some capacity. A brief on various modus operandi employed by such fraudsters is as below:
i) Enticing tactics: Fraudsters use fake letter heads and fake email addresses of RBI, impersonating as employees of RBI, and lure people with fictitious offers such as lottery winnings, fund transfers, foreign remittance, government schemes, etc. Targeted victims are made to part with money in the form of currency processing fee, transfer/ remittance/ procedure charges, etc. Another tactic that has come to our notice is of small/ medium businesses being approached by fraudsters posing as government/ RBI officials and made to pay a “security deposit” under the garb of a government contract or scheme, with the promise of attractive payments.
ii) Intimidating tactics: Victims are contacted over IVR calls, SMS, emails, etc., whereby fraudsters impersonate as RBI officials and threaten to freeze/block/deactivate bank accounts of recipients and convince/ coerce them to share certain personal details, account / login details/ card information, PIN, OTP, etc. or install some unauthorised/ unverified application using a link provided in the communication. Instances of fraudsters impersonating officials from Government agencies/ RBI and threatening victims for having sent or received illegal goods and items, and being involved in suspicious banking transactions, money laundering, counterfeiting, etc., have also come to our notice. The Bank is in cognizance of various reports surfacing on incidents of “Blackmail” and “Digital Arrest” by Cyber Criminals.
iii) Fake accreditation of RBI: RBI has come across some websites and apps of entities such as unauthorized digital lending apps and other supposed financial services providers, which fraudulently claim to be registered with RBI as NBFC, digital lending app, Payment System Operator, etc.
RBI has directed to not share account login details, personal information, copies of KYC documents, card information, PIN, password, OTP, etc. with unidentified persons or agencies. Further, such details should not be shared through unverified/unauthorised websites or applications.