Rajesh Katoch, CEO, EZ Capital, Kunal Varma, Co-founder & CEO, Freo and Atit Shah, Chief Risk Officer, Arka Fincap, share comprehensive insights on protecting against frauds:
Ravi Lalwani: Given the massive shift towards mobile banking what kinds of cyber frauds have increased the most?
Rajesh Katoch: Mobile banking has resulted in a sharp increase in phishing, SIM swapping, and mobile malware attacks. These cyber frauds involve stealing sensitive financial information, allowing hackers to steal funds and identities, or even disrupt mobile banking services. As mobile banking grows, financial institutions and users have to be on their guard and implement robust security measures to prevent these cyber frauds.
Kunal Varma: Digitization of banking services has indeed opened doors for several types of cyber fraud. Mobile banking fraud has become particularly prevalent, with criminals gaining unauthorized access to banking applications to steal sensitive information and make fraudulent transactions. Card-not-present (CNP) fraud has also seen a substantial rise, particularly on e-commerce platforms where physical cards aren’t required for transactions. We have also observed a surge in synthetic identity fraud, where criminals create fake identities using a mix of real and fabricated data to open bank accounts and apply for credit cards through digital services.
Atit Shah: Cybercriminals employ various tactics to exploit vulnerabilities in digital banking systems and deceive users into compromising their financial security. Among the most prevalent methods is phishing and smishing, where fraudulent emails or SMS messages mimic legitimate bank communications, luring users into clicking malicious links that steal sensitive information. Credential stuffing is another common attack, leveraging stolen usernames and passwords from data breaches to gain unauthorized access to bank accounts. SIM swapping poses a significant threat, as fraudsters trick or bribe mobile service providers to gain control of a victim’s phone number, intercepting OTPs crucial for banking transactions. Malware attacks also remain widespread, targeting mobile devices with malicious software designed to harvest banking credentials or facilitate unauthorized transactions.
Additionally, fake banking apps, crafted to closely resemble legitimate ones, are deployed to capture users’ sensitive information. QR code scams involve replacing authentic QR codes used for payments or transactions with malicious ones, redirecting funds to the attackers’ accounts. Rogue apps that appear harmless often request excessive permissions, enabling them to access critical banking data stored on a device. Man-in-the-middle (MitM) attacks are another concern, where attackers intercept data exchanges between a user’s device and the bank’s servers, particularly on unsecured public Wi-Fi networks.
Fake customer support scams involve fraudsters posing as bank representatives, convincing users to divulge OTPs, PINs, or account details via phone or chat applications. Social engineering exploits human psychology, persuading victims to perform actions like transferring funds or installing harmful apps under false pretenses. Peer-to-peer payment fraud is another growing threat, with scammers manipulating instant money transfer platforms to execute unauthorized transactions or deceive users into making payments under fraudulent claims. Together, these tactics highlight the critical need for robust cybersecurity measures and user awareness to mitigate risks in the digital banking landscape.
Ravi Lalwani: Which kinds of data points are used for the most useful type of cyber fraud detection?
Rajesh Katoch: Machine learning algorithms making use of data points about user behavior, transactional patterns, IP addresses, device information, and login locations have been found effective in detecting cyber fraud. Those data points help detect anomalies and patterns, leading financial institutions to take proactive measures in an attempt to prevent cyber fraud.
Kunal Varma: In our experience, behavioral analysis and content-based analysis have proven to be among the most valuable data points for detecting cyber fraud. These techniques allow us to identify anomalies in user behavior that may indicate fraudulent activity. Real-time link analysis has also proven crucial, enabling us to scrutinize URLs in emails and web content as soon as they are accessed. Geospatial data and location-based transaction patterns have been particularly effective in identifying fraudulent transactions originating from multiple locations. Furthermore, AI-powered systems have significantly enhanced our ability to process large volumes of data in real time, recognizing complex patterns and subtle changes that might indicate unusual activity.
Atit Shah: Advancements in data analytics and artificial intelligence now enable real-time fraud detection, making it possible to stay ahead of evolving threats. One of the most effective tools is the analysis of transaction patterns. Deviations from the baseline pattern, such as unusually large purchases or transactions from foreign locations, often serve as red flags. Metrics such as transaction frequency, amounts, and geographic location are key indicators of potential fraud. Similarly, geolocation data provides valuable insights into where a user is accessing systems or making transactions. Suspicious patterns, such as access from multiple countries within a short timeframe, are often strong indicators of fraudulent activity.
Device fingerprinting is another powerful tool for fraud detection. Each device has a unique digital fingerprint based on its hardware, operating system, browser type, and installed software. Fraud detection systems use this fingerprint to identify trusted devices, and access attempts from unknown or suspicious devices warrant further scrutiny. Similarly, login behavior analysis can reveal inconsistencies, with behavioral biometrics such as typing speed and rhythm, or mouse movement patterns, uncovering fraudulent activity. Unusual login times or a high frequency of failed login attempts can also indicate account compromise.
Monitoring IP addresses is essential in identifying access from high-risk locations or the use of anonymizing tools like VPNs or proxies, often employed by fraudsters to obscure their location. Red flags include access from previously flagged IP addresses or frequent changes in IP addresses over a short period. Mismatched billing and shipping addresses, rapid addition of multiple payment cards, and new payment methods are common indicators of fraudulent behavior.
Ravi Lalwani: How are the hackers targeting WFH employees? How do financial organizations go about protecting such employees so effectively?
Rajesh Katoch: Attackers are targeting WFH employees with phishing, social engineering, and malware attacks because they take advantage of the lack of face-to-face interaction and security controls. Financial organizations are using multi-factor authentication, virtual private networks, and regular cybersecurity training to secure WFH employees. Besides, organizations monitor employee devices and networks for signs of malware or other security threats so that their company systems and data stay safe.
Kunal Varma: Hackers are increasingly targeting remote workers as a backdoor to corporate systems. They often exploit poor planning and uncertainty in work-from-home setups. To counter this, financial organizations are increasingly implementing multi-factor authentication (MFA) as a vital security measure. We are seeing a trend towards adaptive MFA that adjusts based on risk factors like the user’s location, device, or time of access. Organizations are also focusing on robust endpoint protection solutions, ensuring that all devices used by remote workers are equipped with the latest internet security software. Sandboxing for external communication channels is also a widely used tactic for preventing phishing attacks from spreading beyond the initial point of entry.
Atit Shah: The shift to remote work (Work From Home or Work From Anywhere) has widened the attack surface for cybercriminals. To address these risks, endpoint security should be strengthened using enterprise-grade solutions that offer real-time malware detection, data encryption, and remote device wipe capabilities. Multi-factor authentication (MFA) adds an extra layer of security. Secure Virtual Private Networks (VPNs) are provided to encrypt data transmitted between employees and corporate systems, with advanced VPNs offering automatic disconnection if the connection becomes insecure and built-in firewalls that block suspicious traffic.
Employee training and awareness programs should cover identifying phishing attempts, safe use of personal devices and networks, and reporting suspicious activity promptly. Organizations are also adopting Zero Trust Security models that continuously monitor to ensure no implicit trust is given to any device or user. Advanced threat detection tools powered by AI analyze behavioral patterns to flag anomalies in real-time, such as suspicious login attempts from unusual locations or data access outside normal working hours.
Additionally, enforcing secure configurations is vital, including disabling unnecessary services or ports, mandating regular software updates and patches, and restricting administrative privileges to minimize the impact of compromised accounts. Data Loss Prevention (DLP) tools prevent data from being sent to unauthorized destinations or accessed by unapproved users. These comprehensive strategies can significantly mitigate the risks associated with remote work.
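A login-risk scorer, added here as an example (not code from the interviewees or their firms), that combines the detection signals Atit Shah lists in the previous answer (impossible travel between countries, unknown device fingerprint, bursts of failed logins, frequent IP changes, off-hours access) with the adaptive-MFA step-up Kunal Varma describes above. All events, weights and thresholds are constructed assumptions.

```python
# Added example (not from the interview): scores a login on the signals the interviewees
# describe (unknown device fingerprint, off-hours access, burst of failed logins, frequent
# IP changes, impossible travel) and maps the score to an adaptive-MFA decision.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass
class Login:
    ts: datetime
    ip: str
    country: str
    loc: tuple  # (lat, lon)
    device_id: str
    success: bool

def km(a, b):  # great-circle (haversine) distance in km between two (lat, lon) points
    la1, lo1, la2, lo2 = map(radians, (*a, *b))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def risk_score(history, new, known_devices):
    """Score `new` against the user's earlier events; returns (score, reasons). Weights are assumptions."""
    recent = [e for e in history if 0 <= (new.ts - e.ts).total_seconds() <= 3600]
    fails = sum(1 for e in recent if not e.success)
    last_ok = next((e for e in reversed(history) if e.success), None)
    hours = max((new.ts - last_ok.ts).total_seconds() / 3600, 1e-6) if last_ok else 1.0
    # km/h needed to get from the last successful login to this one; >900 beats a jet
    speed = km(last_ok.loc, new.loc) / hours if last_ok and last_ok.country != new.country else 0.0
    checks = [
        (new.device_id not in known_devices, 30, "unknown device"),
        (not 7 <= new.ts.hour < 22, 10, "off-hours access"),  # assumed working hours
        (fails >= 3, 30, f"{fails} failed logins in 1h"),
        (len({e.ip for e in recent} | {new.ip}) >= 4, 20, "frequent IP changes"),
        (speed > 900, 50, "impossible travel"),
    ]
    return sum(p for hit, p, _ in checks if hit), [why for hit, _, why in checks if hit]

def decide(score):  # adaptive-MFA policy with assumed thresholds
    return "allow" if score < 30 else "step-up MFA" if score < 70 else "block"

def demo():
    """Constructed scenario: three failures in Mumbai, then a new device in London 85 minutes later."""
    t = lambda h, m: datetime(2024, 5, 6, h, m)
    hist = [Login(t(9, 5), "203.0.113.7", "IN", (19.08, 72.88), "dev-A", True)]  # Mumbai
    hist += [Login(t(10, i), "198.51.100.9", "IN", (19.08, 72.88), "dev-A", False) for i in range(3)]
    new = Login(t(10, 30), "192.0.2.44", "GB", (51.51, -0.13), "dev-Z", True)  # London
    score, reasons = risk_score(hist, new, {"dev-A"})
    return score, reasons, decide(score)
```

In production the weights would be tuned on labelled fraud cases and the device list, working-hours window and speed threshold would come from per-user baselines rather than constants.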
Ravi Lalwani: How can organizations ensure that their protection systems have the latest capabilities against these emerging patterns of phishing and malware? Do you need to evolve solutions more frequently today than in previous years?
Rajesh Katoch: To keep protection systems up-to-date against these emerging threats, organizations would need to follow a multi-layered security approach to stay abreast of newly emerging threats, conduct repeated vulnerability assessments, and update solutions regularly. Reviewing and updating security solutions regularly, every 6-12 months or as emerging threats and vulnerabilities dictate, is also critical in this fast-changing landscape of cybersecurity. This ensures that an organization stays in front of emerging patterns of phishing and malware, ensuring the systems, data, and users are protected against cyber threats.
Kunal Varma: Ensuring protection systems are updated against emerging phishing and malware patterns requires a multi-faceted approach. Regular system updates and patch management are crucial, as they close vulnerabilities that phishers could exploit. We have found that implementing AI-powered email security solutions and advanced browser security extensions significantly enhances our defense capabilities. Organizations need to develop and enforce stringent policies on data security and conduct regular awareness training and phishing simulations for employees.
In terms of frequency, yes, we are updating our solutions more often compared to earlier years. The rapid growth of cyber threats necessitates a more agile approach to cybersecurity. We continuously evaluate and adopt new technologies that can adapt quickly to evolving threats. Regular threat intelligence updates and real-time monitoring have become essential components of our cybersecurity strategy. This increased frequency of updates and solution changes is necessary to stay ahead of the increasingly sophisticated and rapidly evolving tactics employed by cybercriminals.
Atit Shah: In today’s rapidly evolving cybersecurity landscape, phishing and malware threats are becoming increasingly sophisticated and frequent. Protecting organizations now requires agility, continuous updates, and proactive strategies rather than static defenses. Modern threats have advanced beyond traditional tactics, leveraging technologies such as AI-driven phishing, where machine learning crafts convincing, personalized messages; polymorphic malware, which constantly changes its code to evade detection; and fileless malware, which resides in memory rather than traditional files, bypassing many conventional antivirus tools. As attackers innovate, defense systems must evolve with equal ingenuity.
Adopting AI and machine learning for threat detection is essential, as traditional signature-based methods are no longer sufficient. AI-driven systems can analyze behavior to detect anomalies in real time, identify unknown threats by recognizing patterns consistent with malicious activity, and continuously adapt to new attack techniques without manual updates. Regularly updating security tools and software is another crucial step, as vendors frequently release patches to address vulnerabilities. Automating these updates, conducting regular audits, and maintaining a list of end-of-life (EOL) software for timely replacement are best practices to ensure comprehensive protection.
Implementing a multi-layered security approach is critical for comprehensive protection. This includes tools such as endpoint detection and response (EDR) for device-level security, web filters to block access to malicious sites, and DLP systems to monitor and control sensitive data flows. Adopting a Zero Trust Model further enhances security by ensuring that every user, device, and network is continuously verified, thus minimizing the lateral spread of attacks within an organization.
The shorter life cycle of threat signatures, the proliferation of zero-day attacks, and the increased complexity of IT environments demand constant vigilance. Frequent updates to security strategies and tools are now more essential than in earlier years.