
Phishing: A Curse for Bangladesh’s MFS Industry


“Hello, I am Nahid from Bkash” – a Bangladeshi advertisement by Bkash that educates users on staying safe from scammers. We can all relate to this famous advertisement because fraud calls of this kind happen daily. The story behind the advertisement is a long one, because countless users have lost their money through phishing attacks.

The rate of financial inclusion is increasing day by day as MFS (Mobile Financial Services) adopt digital banking technology. Bangladesh Bank has already launched the ‘National Financial Inclusion Strategy 2020-24’ to develop a robust financial system, but phishing attacks are jeopardizing this financial inclusion strategy.

To define phishing, BGD e-gov CIRT (Bangladesh Government’s e-Government Computer Incident Response Team) has given the perfect definition. According to them, “A phishing campaign is a kind of scam run through email and intended to snip personal information from victims.” Cybercriminals of this kind target the most vulnerable trait in order to take possession of personal data in a short period. Currently, there are 13 MFS providers in Bangladesh. A recent study by the Policy Research Institute of Bangladesh has shown that 1 in every 10 mobile financial service users in Bangladesh has faced financial fraud. One wrong click can bring immense insecurity to the financial health of a company or a person.

These are the phishing methods most commonly used by scammers in Bangladesh:

  • Method 1 – Spear Phishing: Modified and customized emails, messages, and promotional campaigns are sent to a specific segment of people. It could be the elite class, the middle class, a religious group, etc. Attackers analyze the psychological background of that segment and then carry out the phishing attack.

  • Method 2 – Smishing or SMS Phishing: Sending phishing SMS messages to users is the most convenient way for attackers to operate. Though it is an old method, attackers still use it to lure the ignorant segment.

  • Method 3 – Clone Phishing: Fraudsters collect duplicate SIM cards and credit or debit cards to clone the users’ IDs. They often hire hackers to steal users’ data from MFS data storage. After that, attackers use the stolen data to make duplicate SIM cards or credit cards.

  • Method 4 – Uplink Manipulation: Scammers replace the original link with a malicious link to mislead the users. Attackers wait for national issues, such as news related to Pori Moni’s life, Shakib Al Hasan’s life, or any political or celebrity issue, so that they can use those issues to mislead users into tapping on their malicious links. Thus, scammers take possession of users’ data.

  • Method 5 – Social Engineering: Attackers conduct a psychological study of society to lure people into opening their malicious links. During Covid-19, people tended to read news, blogs, and vaccine information to stay safe from the pandemic. So, scammers created fake blogs, articles, and websites to entice people into clicking their links.

  • Method 6 – Voice Phishing: Almost all the MFS users in Bangladesh have received calls from scammers posing as agents of Bkash, Nagad, etc. They try to fool people through phone calls to get their PIN codes, passwords, etc.

Scammers and victims have one thing in common: both parties want financial gain. Security experts reported that 71 percent of phishing attacks are financially motivated, and scammers use this trait in people to commit phishing attacks. So, we need to keep our own temptation in check.

Now, people might wonder what preventive acts or laws exist to restrain these scammers. At present, the Bangladesh Financial Intelligence Unit (BFIU), Payment Systems Department (PSD), and Financial Integrity and Customer Services Department (FICSD) of Bangladesh Bank jointly monitor MFS transactions. DB, RAB, CID, and CTTC of Bangladesh Police are also working with Bangladesh Bank to detect these cyber scammers.

A phishing racket arrested by RAB in 2019 (Photo: Collected)

Senior Assistant Commissioner Dhruv Jyotirmoy Gop of CTTC, Dhaka Metropolitan Police said, “Some of the apps the fraudsters use are available on the Google Play Store. Anyone can generate fake numbers using these apps and can make fake phone calls.” CID said in a press statement that most users do not report these phishing attacks or file cases over them. As a result, law enforcement authorities cannot take action, and scammers get away easily. In this genre of crime, the risk is low but the financial gain is high, so criminals commit phishing attacks with confidence. Besides, there is no anti-phishing law in Bangladesh.

Bangladesh deals with these scammers under these two laws – Cyber Security Act, 2015, and Digital Security Act, 2018. The proposed Data Protection Act, 2022, and the Bangladesh Telecommunication Regulatory Commission Regulation for Digital, Social Media, and OTT Platforms, 2021 are on the way to root out these scammers. Hopefully, the law will be passed in 2023 and will bring efficiency to capturing these wrongdoers.

Now, let us talk about the liability of the 13 MFS providers. MFS providers such as Bkash and Nagad actually cannot do much when users willingly share their information with scammers. But other MFS providers can follow the model of Tap of Trust Bank Ltd. Tap’s risk management freezes the user’s ID if wrong passwords are provided more than once. Then, Tap’s risk management calls that user and asks if he/she remembers the password.

Shamsuddin Haider Dalim, head of corporate communications at BKash, said, “The transaction in mobile banking is done digitally. There is no human contact. So, two things are important here. First is the PIN and second is the OTP that is required before entering the PIN for the transaction. These two things are customer property. They should never be shared with anyone. If that is ensured, the transaction will be 100% secure.” From the statement, we can understand that MFS providers cannot raise questions against a transaction. But in the near future, we will see the implementation of face detection and real-time gross settlement methods for safe transactions.

A real incident helps show whether the MFS providers have any liability. In 2020, a tea seller named Rakib Mia got scammed through SMS phishing. While selling tea at Nabinagar, Savar, he received an SMS claiming that he had won a lottery worth 8 lac taka. To release the prize money, scammers asked for 85 thousand takas as service charges. The scammer’s phishing message said, “Rakib Mia will get 95 thousand takas immediately if the service charge is paid within 1 day and the rest of the amount will be paid after one day”. Rakib Mia paid 65 thousand takas to the scammers’ given account through a Bkash agent. While he was paying the remaining 20 thousand takas, the Bkash agent asked him the reason, but the tea seller lied and gave the agent a fake one. Had he told the truth to that Bkash agent, his 20 thousand takas could at least have been saved. In such cases, MFS providers cannot do anything if someone sends money willingly.

However, there is no room for comfort in thinking that only uneducated people like Rakib Mia are scammed. Educated people also fall victim to the customized phishing attacks described in the methods above.

The Policy Research Institute (PRI) has shown in one of its surveys that 16.4 percent of users who have master’s degrees fell victim to phishing attacks. So, we can say that scammers target every group of people to maximize their financial gain. PRI’s findings also show that 45 percent of people do not have any MFS account; of these, 66 percent said they have no need for one and 32 percent declined to use one because of the fear of phishing attacks or financial fraud. If these people do not open a digital account with any MFS provider, the National Financial Inclusion Strategy 2020-24 may fail.

Security experts are hoping that regulators will implement effective risk management practices such as 3 LOD (Third Line of Defense), face detection, RTGS (Real Time Gross Settlement), and post-scam responsibilities for the users. These practices will remove the fear of these 32 percent of people and will surely give the other 66 percent a reason to open an account with MFS providers. Thus, the National Financial Inclusion Strategy 2020-24 will be a successful example for other countries to follow.

 

Abrar Mahmud is an undergraduate BBA (Major in Finance) student at the Army Institute of Business Administration, Savar.

MD IMRAN HOSSAIN (https://themetropolisnews.com/)
Md. Imran Hossain, a certified SEO Fundamental, Google Analytics, and Google Ads Specialist from Bangladesh, has over five years of experience in WordPress website design, SEO, social media marketing, content creation, and YouTube SEO, with a YouTube channel with 20K subscribers.
