A Phishing scam involves an email/SMS/Voice message sent to deceive the victim to gain access to confidential and private information and/or distribute infected files. In a phishing scam, often email is sent and it tricks victims to look-alike websites and steals the login/password details. Please note that Banks will never ask for confidential data like login and transaction password, One Time Password (OTP), Unique Reference No. (URN), etc. In this article, we shall talk about What is Phishing? How does it work? How to Avoid Phishing Scams? What to do if you get phished?
14.5 billion different types of email spams are sent every single day? Email spam accounts for 45% of all emails sent!
Example of a phishing email
Table of Contents
How does Phishing work?
Phishers use email, telephone call (called vishing voice phishing) or SMS(called SMS phishing or smishing ) to get customer details like account no., login ID, login and transaction password, mobile no., address, debit card grid values, credit card number, CVV, PAN, date of birth, mother’s maiden name etc. The scammer many times pretends to be a trustworthy and revered individual (such as the CEO of the organization, Income Tax office), or organization (such as Google). This enables them to deceive the victims into trusting the reliability of the email and obtain sensitive information from them.
- Phishers set up a replica page of a known financial institution or a popular website
- You receive an e-mail/telephone call out of the blue. The message appears to be from your bank or the company issuing your credit card
- You have to click a link to a website.
- When the user clicks on the link, the replica of the website will open. It looks extremely similar to your bank’s own website or the website for the company issuing your credit card
- On this site, you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes. This will be for “security reasons”, “file checks”, “data loss”, etc.
- This data goes to phishers and they use it to transfer money from your account in the original sites
Phishers have refined their technology to launch sophisticated attacks and use advanced social engineering techniques to dupe online banking users.
Many companies even big ones like Facebook and Google have experienced data leaks and all this information goes to Dark Web. There’s a large package of 2.2 billion leaked credential for sale, and it’s a safe guess that phishers bought it to improve the quality of their emails.
Data leaks on Facebook Google help in phishing
The advancement of the Internet had placed us at the centre of cyber frauds, our article Online Fraud : UPI Scam, AnyDesk, Matrimonial Site, Lottery, Fake Job Offer etc covers many of in detail.
How to Avoid Phishing scams
You need to take certain precautions so that you don’t fall prey to such attacks. Phishing requires cooperation from the victim, it needs them to initiate some sort of action or volunteer sensitive information. Here’s how to avoid such scams:
Identify signs of fraud: Phishing websites and email will often have grammatical errors and fake branding.
Look at the email properly. Phishing messages are many times badly written and contain spelling and grammar mistakes. Phishing messages often threaten consequences. Explained in detail in our section How to recognise Phishing Email/Call?
Don’t click links in the email. Access websites only through official links and sources, and follow proper security procedures.
Carefully inspect a website before interacting with it
- Check if the website is secure by inspecting its address or URL. The address always starts with https:// and not with http://. That is an indication that all communication between your browser and the bank’s website is encrypted. Also important is the presence of a lock symbol on the website (see image below). Clicking on the lock icon should display the digital certificate that verifies the authenticity of the website.
- Do you see a misspelling in the bank name?
How to recognise Phishing Email/Call?
The sample Phishing email is given below
- Phishing messages are many times badly written and contain spelling and grammar mistakes. Occasionally, they can be written in a foreign language. Your bank knows in which language you want to receive correspondence and thoroughly screens that correspondence for possible mistakes. Messages that do not comply with these characteristics are by definition suspicious;
- Phishing messages sometimes threaten consequences if you do not reply to the question. If you receive any email from your bank that conveys a sense of urgency or threat, then call up your bank and verify the situation.
- The sender’s address looks strange. Hover your mouse over the link and take a look at the left-hand corner of the browser. It will display a link. Check if this link matches the one in the email. If it doesn’t, then suspect it as a phishing attack.
- A forged e-mail address can sometimes be in the From field. Always check if this address is from your bank. If in doubt, contact your bank through your usual channels and never answer the e-mail;
- The link in phishing messages goes to a website that looks similar to your bank’s own website or the website for the company issuing your credit card. This site will not be secured, contrary to the bank’s actual website. Doesn’t start with https:// and does not have a lock symbol
How to recognise a phishing email
What to do after the phishing attack?
If you ever find yourself at the receiving end of a phishing scam, don’t panic. Even the most complicated attack can be resolved with the help of your bank and the police authorities. Hence, take the following steps to minimise damage if you are the victim of a phishing attack.
Change your password: Since the scammers could have access to your account, the first step should be to change your login credentials and passwords to keep them out of the system and prevent further damage.
Contact the officials: Call your bank and explain the situation to them. They will then freeze your account so that no further transactions can be conducted. The police department of most states has a cybercrime division, which needs to be informed as well.
Scan your system: Scan your device(mobile/computer) to ensure the attacker did not install any malware or backdoor software on the device for future attacks.
Delete emails from unknown sources: Go through your Inbox once a week and delete marketing mailers and emails from unknown sources.
Doesn’t this blow your mind that nearly
Keep your system’s operating system, software (Java, Adobe, etc.) and web browsers up-to-date.
Install an antivirus that can block websites and emails designed for phishing attacks.
Check your bank statements regularly. If you see any unauthorized transactions, inform your bank immediately
First Phishing attack in 1994
The first phishing attack was in 1994 on America Online(AOL) when a hacker called Da Chronic sent automated CC/PW Fisher message that exploited AOL’s direct messaging system. He sent a direct message to unsuspecting users: “Hi, this is AOL customer service. We need to verify your account for security. Please, can you provide us with your username and password?” Unsuspecting victims that had never encountered anything like this before willingly gave out their personal information and became the first to fall to the first phishing attack. The article, The evolution of phishing attacks: why are they still effective? covers it in detail.
Video on Stay Safe from Phishing and Scams
Related Articles:
- Online Fraud : UPI Scam, AnyDesk, Matrimonial Site, Lottery, Fake Job Offer etc
- Cyber Crime : Credit Card Fraud,Bank Account Hacked
- ATM card fraud: What it is ? How to avoid ATM Card fraud?
- 4 Common Personal Loan Scams You Must Beware Of
Above all, remember to exercise caution in all your online/mobile transactions! Never do things in a hurry! Have you faced a phishing scam? What did you do? How do you keep yourself safe online?
