The most common social attack worldwide, Social Engineering Attack (SEA) is also common nowadays in Bhutan. SEA is a trick to manipulate people into making security mistakes or sharing sensitive information which is a very simple method used by the scammers.
Bharat Gurung, Information Security Division of Bank of Bhutan(BoB) said that anyone can be a scammer because one does not need a technical background because the scammer needs to just manipulate the person to share their information over the phone, message or email.
The most common type of scam happening in Bhutan is a WhatsApp attack known as vishing attack. In such cases scammers call the customers of banks and try to make a deal saying that they will receive money in their account. The scammer asks all the information to pay the commission to get access to the information from the customer.
The other approach of the scammer is by telling the person that he/she has won the lottery and tries to convince the person using various methods and after convincing them they ask the information of the victim like account details, mobile number and Identity card number and finally they ask One Time Password (OTP). That way the scammer easily gets access to the victims mobile banking services like M BOB since the basic information needed has been already shared by the account holder.
“Sharing credible information is like opening a door and welcoming the robber in the house,” said Bharat Gurung.
The feature in MBOB and MPAY where users can change the Mpin and International Mobile Equipment Identity (IMEI) form by validating the OTP is the easiest way to get access to anybody’s account and scammers take advantage of such features and make the transaction of the money from the account holder which is commonly known as WhatsApp scam.
The types of scam financial frauds are Phishing, Vishing and Smishing. Phishing fraud is done through the emails, Vishing is done over the phone trying to convince people of them winning a lottery and Smishing is another type of scam where text messages are sent trying to encourage people to pay money or click on suspicious links and trying to get victims on the phone by sending text message asking them to call a number, in order to persuade them further.
He added that especially in a pandemic he has seen a report that such scams have increased on a huge scale.
Passang Dorji, media focal of BOB said that the victims are not only the illiterate ones but the literate ones as well because of the excitement of the huge amount being won overnight.
Few branches of banks have also received calls claiming to be a client of the bank misusing the name of the original clients and asking for money but such situations were handled well by the banks said Passang and few cases are found where scammers make a video call to the people claiming to be a banker with the banks logo set on their wall and asking to send the OTP immediately and some scammers make a call asking information of the people saying they need to update their bank details.
Information Security Officer of Bhutan National Bank (BNB), Yonten Jamtsho said that the amount is frozen for investigation whenever the scam victims report such cases and the amount is reimbursed once the investigation is done.
Deepak Verma, General Manager of Druk PNB said that people in Bhutan are very innocent therefore there are high chances that people can get brainwashed easily by the scammers and the only solution is by setting awareness through different modes. He added that an Indian labor working in Thimphu approached him to help him deposit about Nu. 40,000 since he though he has won a lottery worth a million. He said it was difficult to make him understand that it was a scam since he was totally manipulated by the scammer.
“When you have not bought a lottery how can one win a lottery?” said Deepak Verma.
If the scammers are from the foreign country it is very difficult to get hold of the scammers because it has to be routed through Interpol which is very difficult, but if the scammer happens to be within Bhutan it can be easily traced out through the account and phone number used by the scammer.
There are also cases where people photo shop the screenshot of the payment made to the receiver as a payment confirmation. Banks said that the common practice of payment screenshot through mobile banking has become very common among the people which can also be one mode of sharing bank details so it is advised by the banks to mask the beholders account details to prevent such scams.
It is learnt that such cases are forwarded to the courts by the Royal Bhutan Police with the help of banks.
Posting the lost wallets displaying all the cards in social Medias happens to be a generous way to return the belonging but the risk of showing the card number in public especially the credit cards can make an easy access for the scammers to use the card through online transaction.
It is learnt that after the thorough investigation by the various banks customer have to be totally aware of the importance of securing the OTP, account number, mobile number and CID.
Banks in Bhutan said that they have been setting awareness on how to stop being a victim of scams through social media, television and radio stations and the other measure the banks have taken is validating the IMEI of the users by directly contacting the branch office so that only one device can use the mobile banking apps.
As of now there are 17 scam victims in BOB and 12 scam victims in BNB.