By Rashmi Satpute, Country Manager, WISE
With people adopting more digital services across all aspects of life and spending more time online, it can be easy for consumers in India to let their guard down and fall prey to digital scams. Phishing, a type of cyber attack where scammers pretend to be a trusted source to trick victims into handing over personal details such as passwords, has existed since the advent of the internet and continues to be a common threat.
A phishing attack often happens via email but can take other forms, especially as fraudsters employ more sophisticated tactics to take advantage.
These are some of the common phishing scams prevalent today that one should be aware of:
Deceptive Phishing – This is a very common type of scam where the emails are designed to look like they came from a legitimate company, with similar fonts and logos to appear credible. Such emails are often mass distributed, and fraudsters will try to create a sense of urgency with scenarios such as account deactivations or unauthorized transactions to encourage victims to act quickly and click on a link to change their password. Often, it’s a malicious link that directs you to a fake login page that will collect and steal the personal information you key in on the site.
Spear phishing – This type of scam often involves a personal touch where fraudsters send targeted emails to specific employees at companies. This is achieved by tailoring emails with their target’s name, position, company and other information to make the victim believe they have a connection with the sender and hand over their personal data.
Smishing – Smishing uses text messaging or short message service (SMS) to carry out the scam. For example, a common type of attack is an SMS that looks like it came from your bank, warning you about suspicious activity. Such messages can include a callback number as well as a fraudulent link that will be used to steal sensitive information or install malware on the device.
Vishing – Vishing, or voice phishing, involves calls from fraudsters masquerading as a legitimate company, such as a postal service, bank, or government entity. They might claim you are in legal trouble or that they have found suspicious activities in your bank account that need to be addressed immediately. Then, they will convince the victim to provide personal information in order to resolve the situation.
To protect against such phishing scams, here are some top tips:
Always check the sender’s email address
A dead giveaway that you’re being scammed is an email address that does not match the company the sender claims they’re from. Often, the email address in phishing attacks can come from a public email domain such as Gmail or Outlook, or a fake domain that includes a company’s name in the URL, such as @facebookmail.com. So, make it a habit to always check the sender’s email address to see if it’s correctly spelled and think twice before clicking on links or opening attachments.
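The sender check above, written as Python; this is an added example, not part of the original article. The company name, the `.example` domains and the sample headers are constructed assumptions, and the public-mailbox list is a short illustrative sample.

```python
from email.utils import parseaddr

# Assumption: a short illustrative sample of public mailbox providers.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From header, or ''."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].rstrip(".").lower()


def classify_sender(from_header, brand, official_domains):
    """Compare the sender's domain with the company the message claims to be from.

    A result of 'official' only means the domain matches; the From header can
    be forged, so this catches mismatches and does not prove authenticity.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for official in official_domains:
        # Exact match, or a genuine subdomain such as mail.<official>.
        if domain == official or domain.endswith("." + official):
            return "official"
    if domain in PUBLIC_MAIL_DOMAINS:
        return "public-mailbox"
    # Company name embedded in a domain the company does not own.
    if brand.lower() in domain.replace("-", "").replace(".", ""):
        return "lookalike"
    return "unrelated"


# Constructed sample headers for a hypothetical "Example Bank".
SAMPLES = [
    '"Example Bank" <alerts@mail.examplebank.example>',
    '"Example Bank Support" <examplebank.helpdesk@gmail.com>',
    '"Example Bank" <security@examplebank-mail.example>',
    '"Example Bank" <no-reply@examplebank.example.login.example>',
    "Weekly Deals <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = classify_sender(header, "examplebank", ["examplebank.example"])
        print(f"{verdict:15} {header}")
```

Anything other than `official` for a message that claims to come from the company is a reason to go to the company's main website directly instead of using the links in the message.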
Be extra vigilant when providing sensitive information
Before you submit any information online, make sure the website’s URL starts with https:// and that there is a lock icon in the address bar. Never enter personal details through the links in emails or SMSes. Instead, visit the main website of the company in question.
Be skeptical if you answer calls from unknown numbers
Never give your details to an unsolicited caller and most importantly, don’t feel pressured to take any action even when the situation sounds dire on the other end of the call. Contact the individual or organization directly to confirm the story — be cautious of requests to ‘not tell anyone’.
While there is no single foolproof way to avoid phishing attacks, staying vigilant at all times is one of the best ways to defend yourself.