Cyber Security - Personal Banking
Cyber Frauds
Be Aware & Stay Protected from Cyber Frauds
In recent times, banking has transitioned to a seamless digital experience, available at your fingertips. With this transition & expansion of digital banking, cybersecurity has emerged as an area of focus for banks. SBI is committed to delivering a superior digital experience to its customers while ensuring digital safety and security.
As we strive to provide an experience that is both secure and convenient, we also urge you to be responsible and alert.
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Think before you click & stay #SafeWithSBI
We take all necessary measures to keep you and your information protected.
Secure Platform:
|
|
Session Layer Security:
|
|
Login Security:
|
|
Profile Security:
|
|
Transfer Security:
|
|
Notification:
|
|
Mobile Security:
|
|
End To End Security:
|
|
Transaction Monitoring:
|
|
Customer Care:
|
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
|
Login Security:
|
|
Internet Security:
|
|
UPI Security:
|
|
Debit/Credit Card Security:
|
|
Mobile Banking Security:
|
Social Media Security:
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/. |
Let us fight Cybercrime together and Stay #SafeWithSBI
Phishing
Phishing is a technique of fraudulently obtaining private information like login ID and Password, Debit / Credit Card details, PIN, Date of Birth, and Mobile Number etc. This is one of the most common type of social engineering attack. Most Phishing scams endeavour to:
- Obtain personal information such as names, bank account details (User ID, Password, OTP), PAN, Aadhaar etc. by using shortened or misleading link.
- Incorporate threats, fear, and a sense of urgency with phishing message/ email to manipulate the user into responding quickly.
Typical example of Phishing attacks:
- SBI customer ‘Mr. Arun’ receives an SMS from random number, stating that his Debit card will be blocked unless he updates his KYC details immediately by following the link given in the SMS for ex. hssp://8ef628b4602c.ngrok[.]io/sbibank.
- He instantly acted upon the SMS and clicked on the link to update his KYC.
- The webpage which appeared on clicking appeared to be an SBI website however, it was a fake website. Mr. Arun did not notice the error in the address bar (URL) of the fake website and failed to pay heed to the banks advisory on not clicking on links received from unknown sources and entered his INB credentials (Username and password) along with OTP to login into his INB account.
- The website redirected him to the next page where he also shared his mobile number and profile password.
- Arun’s entire sensitive information now got compromised which enabled the fraudster to execute transactions in his account.
Best practices to avoid Phishing attacks
- Do not click on unknown hyperlinks or mail attachments.
- Check the veracity or authenticity of the sender.
- Check the URL to confirm whether it is a legitimate website.
- Check for typos and grammatical errors in the body of the mail.
- Always remember, the bank never asks for your personal information.
- Be wary of tempting offers.
Watch to Know more
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
Vishing
Vishing is the voice form of Phishing where frauds take place over phone calls. It is an act of using telephone to trick the user into surrendering private information that will be used for fraudulent purposes. The scammer usually pretends to be from a legitimate entity and tries to befool the victim by luring or threatening him.
Typical Examples of Vishing attacks
- OTP/CVV Fraud - Criminals attempts to dupe bank customers into revealing OTP/CVV or read it by accessing their smartphone by inducing the customer to download remote access apps such as Quick support, AnyDesk, TeamViewer etc.
- Lottery Fraud - Fraudsters make a call stating that you have won a huge lottery. To receive the lottery money, you will be asked to submit your personal details by following a link leading to a fake website. You may also be asked to transfer some token money as acceptance of the offer. Once you submit your details and try to make payment through those websites, all your personal information and financial details are stolen.
- Income TAX Refund Fraud - Cyber criminals targets bank customers through phone calls luring them to receive Income Tax refunds and are thus fraudulently collecting customer’s sensitive personal details.
- KYC Fraud – Cyber criminals are calling customers asking them to click on a link to update their KYC details. Such calls come with a threat if the KYC is not updated, then the account will be blocked.
Best practices to avoid Vishing attacks:
- Always verify the caller’s identity.
- Do not install any unknown software in your smartphone/computer on the advice of strangers.
- Do not respond to unsolicited sales, marketing, or outreach messages.
- Do not share OTP, ATM PIN, CVV over the phone.
- SBI will never ask for your bank account details, Debit / Credit Card details, CVV number etc.
Watch to Know more
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
Smishing
Smishing uses cell phone text messages to lure users in a similar fashion like Phishing. They take the form of text messages that claim to be from legitimate entities and are often used in combination with other techniques to bypass inbuilt protections. They might also direct victims to malicious websites on their phones.
Typical Examples of Smishing Attacks
Best practices to follow to avoid Smishing attacks:
- Be suspicious of any text messages containing urgent request for personal or financial information.
- Do not share any sensitive information over text messages.
- Do not click on any links on the SMS.
- Please call the bank for help or refer to the information only on the official website of the bank.
Watch to Know more
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
Mobile Security
Smart Phone and app-based services are now being used increasingly to conduct banking transactions through your mobile devices. While this is extremely convenient, you need to follow the best practices mentioned below in the use of mobile phones while doing financial transactions.
Best Practices for Safe Usage of Mobile Phones:
- Strong passwords/biometric permission should be enabled on your phone.
- Keep your SIM card locked with a PIN to avoid misuse. In case of loss or theft of the mobile device; contact your service provider to block the SIM card immediately.
- Your bank account number or PIN should never be stored on the mobile phone.
- Get an anti-virus software installed on your mobile and keep it updated.
- Regularly monitor the permissions of critical apps installed in your mobile phones and keep a track of unnecessary and unused apps.
- Never use Banking apps on jailbroken or rooted devices.
- Avoid connecting phones to public wireless networks.
- Report the loss of your mobile phone to the bank to disable PIN and access to the bank’s account through Mobile Banking app.
Watch to Know more
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
Digital Arrest Scam
The National Cyber Crime Reporting Portal (NCRP) has recorded numerous complaints about scams involving cyber criminals posing as officials from Law enforcement Agencies. These scammers use intimidation, blackmail and “Digital House Arrests” to deceive victims.
Overview of the "Digital House Arrest" Scam:
This scam involves fraudsters impersonate Law Enforcement officials and falsely claim to investigate crimes, using digital tools and fake setups to intimidate victims into transferring money to avoid fabricated legal troubles.
How the Scam Works:
- Scammers use fake police stations and uniforms to appear authentic, making video calls through platforms like Skype, Telegram, or WhatsApp.
- They falsely claim to have discovered illegal items, such as drugs or fake passports, in a parcel addressed to the victim.
- Sometimes, they assert that the victim is involved in money laundering and an arrest warrant has been issued.
- Personal details like Aadhar, PAN, and SIM information are misused to threaten victims with fabricated legal cases and arrests.
- Victims are forced into sending money to resolve these fictitious issues and may be forced to stay on video calls, experiencing a "digital arrest," until they transfer money.
Advice to customers :
- Verify the Caller : Always check the caller’s identity by contacting the relevant law enforcement agency using official contact details published on their official website.
- Protect Your Information : Do not share personal or financial information over phone or video calls unless you are sure of the caller’s legitimacy.
- Do Not Send Money : Avoid sending money based on such calls or threats.
- Report Suspicious Calls : Report any suspicious calls or scams to your local cyber police authorities immediately.
- Seek Help : Report incidents to the cybercrime helpline number 1930 or visit www.cybercrime.gov.in for assistance.
Fake Investment Scam
The Reserve Bank of India has flagged a rising trend of fake investment scams facilitated through social media platforms like WhatsApp, Telegram and fake apps.
Overview of the Fake Investment Scam:
In this scam, fraudsters create fake investment groups on platforms like WhatsApp and Telegram, presenting themselves as financial experts. They attract victims with free stock tips and opportunities, then manipulate them into using fake trading applications. Once victims invest, they face difficulties withdrawing their funds, and the scammers vanish with the money.
How the Scam Works:
- Scammers add victims to multiple fake investment groups, where they hype up a fictitious star investor and lucrative opportunities.
- Victims receive free stock tips and investment advice, which initially seems promising.
- Scammers direct victims to download a fake trading application, designed to look legitimate but is used to steal funds.
- Some tips benefit group members to build trust, encouraging more investments.
- When victims attempt to withdraw funds or express doubts, their accounts are disabled, the group is shut down, and the scammers disappear with the money.
Advice to customers:
- Verify Investment Opportunities: Always research and verify investment opportunities through credible financial advisors and institutions.
- Be Cautious with Apps: Avoid downloading investment apps from unknown sources. Use only trusted platforms such as Google Store or AppStore to download apps.
- Do Not Share Personal Info: Do not share personal or financial information with unknown contacts or groups online.
- Avoid Unsolicited Tips: Be wary of unsolicited investment tips and offers from social media groups or unknown sources.
- Seek Assistance: For help or to report incidents, contact the cybercrime helpline at 1930 or visit www.cybercrime.gov.in.
Operation of Bank Accounts and Money Mules
- a. In a money mule transaction, an individual with a bank account is recruited to receive cheque deposits or wire transfers and then transfer these funds to accounts held on behalf of another person or to other individuals, minus a certain commission payment. Money mules may be recruited by a variety of methods, including spam e-mails, advertisements on genuine recruitment web sites, social networking sites, instant messaging and advertisements in newspapers. When caught, these money mules often have their bank accounts suspended, causing inconvenience and potential financial loss, apart from facing likely legal action for being part of a fraud. Many a times the address and contact details of such mules are found to be fake or not up to date, making it difficult for enforcement agencies to locate the account holder.
- b. It has been brought to our notice that “Money mules” can be used to launder the proceeds of fraud schemes (e.g., phishing and identity theft) by criminals who gain illegal access to deposit accounts by recruiting third parties to act as “money mules.” In some cases these third parties may be innocent while in others they may be having complicity with the criminals.
- c. In order to minimise the operations of such mule accounts our Bank has to follow the guidelines on Know Your Customer (KYC) norms /Anti-Money Laundering (AML) standards/ Combating of Financing of Terrorism (CFT)/Obligation of banks under PMLA, 2002. We are, therefore, required to strictly adhere to the guidelines on KYC/AML/CFT issued from time to time and to those relating to periodical updation of customer identification data after the account is opened and also to monitoring of transactions in order to protect ourselves and our customers from misuse by such fraudsters.
We, therefore, appeal and seek cooperation from our esteemed customers for regular updation of KYC and other customer identification data to fight against such fraudsters and prevent such money mule transactions.
Do’s and Don’ts On Cyber Security
- Do’s and Don’ts on Cyber Security – English
- Do’s and Don’ts on Cyber Security – Hindi
- Do’s and Don’ts on Cyber Security – Bengali
- Do’s and Don’ts on Cyber Security – Gujarati
- Do’s and Don’ts on Cyber Security – Kannada
- Do’s and Don’ts on Cyber Security – Marathi
- Do’s and Don’ts on Cyber Security – Oriya
- Do’s and Don’ts on Cyber Security – Tamil
- Do’s and Don’ts on Cyber Security – Telugu
- Do’s and Don’ts on Cyber Security – Malayalam
- Do’s and Don’ts on Cyber Security – Punjabi
Beware of Fake website offering subsidy in the name of SBI
Cyber Awareness on UPI Frauds
Cyber Awareness on INB frauds
Cyber Security Awareness Booklet- 2023
To report any cyber incident, please email at report.phishing@sbi.co.in or call cyber crime helpline number 1930. For more information, visit https://cybercrime.gov.in/.
Let us fight Cybercrime together and Stay #SafeWithSBI
Last Updated On : Monday, 26-08-2024
Interest Rates
2.70% p.a.
less than Rs.10 Cr. w.e.f 15.10.22
3.00% p.a.
Rs.10 Cr. and above w.e.f 15.10.22
2.70% p.a.
Balance below Rs. 10 crs
3.00% p.a.
Balance Rs. 10 crores and above
Digital Landing Page
Criteria
- Features
- Eligibility
- Terms and Conditions
Interest Rates
2.70% p.a.
less than Rs.10 Cr. w.e.f 15.10.22
3.00% p.a.
Rs.10 Cr. and above w.e.f 15.10.22
2.70% p.a.
Balance below Rs. 10 crs
3.00% p.a.
Balance Rs. 10 crores and above