Phishing scam

What is phishing?

In a phishing scam, fraudsters distribute mass emails or messages with the intent of deceiving recipients into divulging sensitive information, such as bank account details, credit card numbers, email IDs, passwords, and other critical personal data. These communications often include urgent or alarming prompts, encouraging recipients to click on links or open attachments that direct them to counterfeit login pages or initiate malicious software installations. The term "phishing" originates from the concept of "fishing" for personal information, reflecting the strategy of sending fraudulent messages to a broad audience.

Types of phishing scams

Phishing scams are carried out through several mediums, including:

  1. Email phishing:
    Fraudulent emails designed to mimic legitimate organizations, often asking recipients to update account information, verify login credentials, or take urgent action to avoid consequences. Recently, employees have reported many such phishing emails in which someone posing as their company's CEO or another senior manager asks them for help.

  2. Spear phishing:
    Targeted phishing attacks aimed at specific individuals or organizations, often using personalized information obtained through research or data breaches to increase the credibility of the scam.

  3. Smishing:
    Phishing attacks conducted via SMS or text messages, where recipients are prompted to click on links or respond with sensitive information under the guise of urgent notifications or alerts. One of the most common variants is a message telling the recipient that they must change their banking details.

  4. Vishing:
    Phishing attacks conducted over the phone, where fraudsters impersonate trusted entities to deceive victims into providing personal or financial information verbally. The simplest variant is one where the scammer pretends to be someone the victim knows and cares about, and invents a distressing situation, such as being stranded while traveling.

  5. Clone phishing:
    Scammers create fake copies of legitimate emails or websites, altering them slightly to appear authentic, then send them to targets to trick them into providing sensitive information.

Phishing scams examples

Email from a bank

You receive an email that appears to be from your bank, informing you of suspicious activity on your account and urging you to click on a link to verify your information. The email may look legitimate, complete with the bank's logo and branding, but the link leads to a fake website designed to steal your login credentials.

Package delivery scam

You receive an email or text message claiming to be from a package delivery service like FedEx or UPS, informing you that a package couldn't be delivered and requesting you to click on a link to reschedule delivery. Clicking on the link may lead to a phishing website or trigger the download of malicious software.

Tax refund scam

You receive an email purportedly from the IRS or another tax authority, informing you that you're eligible for a tax refund and asking you to provide personal or financial information to claim it. The email may threaten consequences if you fail to comply, such as legal action or penalties.

Email from a tech company

You receive an email claiming to be from a well-known tech company like Microsoft, Amazon, or Apple, informing you of a security breach or software update and prompting you to click on a link to address the issue. The link may lead to a fake login page designed to steal your credentials or infect your device with malware.

Social media phishing

You receive a message on social media from someone claiming to be a friend or acquaintance, asking for financial assistance, or sharing a link to a website offering exclusive deals or prizes. The message may be from a compromised account or a fake profile created by scammers to exploit your trust.

How to recognize phishing?

  1. Sender's email address:
    Check the sender's email address carefully. Phishing emails often come from addresses that mimic legitimate organizations but may contain misspellings or slight variations.

  2. Generic greetings or urgent language:
    Be wary of emails that use generic greetings like "Dear Customer" or employ urgent language, such as "Immediate action required" or "Your account will be suspended." Scammers often use urgency to pressure recipients into acting quickly without thinking.

  3. Suspicious links:
    On a desktop, hover the mouse cursor over any links in the email (without clicking on them) to reveal the actual URL (in Chrome, for example, it appears at the bottom left of the window). Phishing emails often contain links that lead to fake websites or malicious pages designed to steal your information or infect your device with malware. Look for misspelled URLs or URLs that don't match the purported sender. Only click on links in text messages if you are sure of the source. For text messages, Truecaller can also help: once the app is installed, it tells you whether a number is 'likely fraud' through its fraud detection services.

  4. Requests for personal information:
    Be cautious of emails requesting sensitive information like account numbers, passwords, Social Security numbers, or login credentials. Legitimate organizations typically won't ask for this information via email.

  5. Unsolicited attachments:
    Avoid opening email attachments from unknown or unexpected sources, as they may contain malware or viruses. Even if the attachment appears harmless, it's better to be cautious.

  6. Unusual requests or offers:
    Be skeptical of emails promising unexpected prizes, lottery winnings, or exclusive deals, especially if they require you to provide personal or financial information or make a payment upfront. If an offer seems too good to be true, it probably is.

  7. Verify information independently:
    If you're unsure about the legitimacy of an email, independently verify the information through official channels. Contact the organization directly using a trusted phone number or website (not the contact information provided in the email) to confirm the request or report suspicious activity. You can also search for the number on Truecaller and check whether it is marked as spam and whether other users have left comments about it.
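As an added example (not part of the original article), here is a small Python script that applies the first four items of this checklist to a constructed sample message: it compares the sender's domain against a trusted list, looks for a generic greeting paired with urgent language and for requests for sensitive data, and checks that each link's visible text matches where the link actually points. The trusted domain, the phrase lists and the sample mail are all assumptions made up for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed reference data: the organisation the message claims to come from.
TRUSTED_DOMAINS = {"examplebank.com"}
URGENT_PHRASES = ("immediate action required", "account will be suspended")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
SENSITIVE_TERMS = ("password", "social security", "card number")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST_RE = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", re.I)

def lookalike(domain):
    """True when the domain is untrusted but closely resembles, or embeds, a trusted name."""
    return domain not in TRUSTED_DOMAINS and any(
        SequenceMatcher(None, domain, t).ratio() >= 0.9 or t.split(".")[0] in domain
        for t in TRUSTED_DOMAINS)

def analyze(raw):
    """Return the checklist red flags found in a raw single-part HTML message."""
    msg = message_from_string(raw)
    flags = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if lookalike(sender_domain):  # item 1: misspelled or slightly varied sender domain
        flags.append(f"sender domain mimics a trusted one: {sender_domain}")
    body = msg.get_payload()
    text = body.lower()
    if any(g in text for g in GENERIC_GREETINGS) and any(u in text for u in URGENT_PHRASES):
        flags.append("generic greeting combined with urgent language")  # item 2
    if any(s in text for s in SENSITIVE_TERMS):  # item 4: asks for credentials or data
        flags.append("asks for sensitive information")
    for href, shown in ANCHOR_RE.findall(body):  # item 3: where the link really goes
        host = (urlparse(href).hostname or "").lower()
        shown_host = SHOWN_HOST_RE.match(shown.strip())
        if shown_host and shown_host.group(1).lower() != host:
            flags.append(f"link text shows {shown_host.group(1)} but points to {host}")
        elif host and host not in TRUSTED_DOMAINS:
            flags.append(f"link points to untrusted host {host}")
    return flags

# Constructed sample message for this example, not a real mail.
SAMPLE = """From: Example Bank Alerts <alerts@examp1ebank.com>
Subject: Immediate action required

<p>Dear Customer,</p>
<p>Your account will be suspended unless you confirm your password today.</p>
<a href="http://examplebank.com.verify-login.net/auth">https://www.examplebank.com/login</a>
"""
```

Running `analyze(SAMPLE)` returns four flags, one for each checklist item the sample trips; a message from the trusted domain with matching link text and no urgency cues returns an empty list.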

How to prevent phishing?

Use strong passwords

Create strong, unique passwords for your accounts and avoid using the same password across multiple platforms. Consider using a password manager to generate and securely store complex passwords.

Download Truecaller

Ensure that you are protected at all times by using Truecaller. You will be a part of a 420 million+ community worldwide that works towards making communication safer for everyone.

Enable multi-factor authentication (MFA)

Whenever possible, enable multi-factor authentication (MFA) on your accounts. MFA adds an extra layer of security by requiring additional verification, such as a one-time code sent to your phone, in addition to your password.

Use spam filters

Enable spam filters on your email account to help filter out phishing emails before they reach your inbox. Most email providers offer built-in spam filters that can help identify and block suspicious messages.

Update security software

Keep your computer, smartphone, and other devices up to date with the latest security patches and software updates. This includes operating systems, web browsers, and antivirus or anti-malware programs.

Be cautious on social media

Be careful about sharing personal information on social media platforms, as scammers may use this information to tailor phishing attacks. Avoid clicking on suspicious links or accepting friend requests from unknown individuals.

Where to report phishing scams?

If you've been a victim of a phishing scam, reach out to:

  1. Your local law enforcement agency

  2. Your financial institution, like a bank

  3. Email service provider

  4. Credit reporting agencies

  5. You can also report the phone number of the fraudster on Truecaller. This could help protect the whole community from future fraud attempts!

If you are in the United States, these are some agencies you can reach out to:

  1. Federal Trade Commission (FTC): You can file a complaint with the FTC online at ftccomplaintassistant.gov

  2. Internet Crime Complaint Center (IC3): You can file a complaint with the IC3 at ic3.gov

  3. Identity Theft Resource Center (ITRC) idtheftcenter.org

  4. Better Business Bureau (BBB) (also works for Canada) bbb.org

If you are in India, these are some agencies you can reach out to:

  1. Cyber Crime Portal cybercrime.gov.in

  2. Sanchar Saathi Suspected Fraud Communication Reporting sancharsaathi.gov.in/sfc

  3. Cyber Frauds Helpline - Toll-free number 1930 pib.gov.in/PressReleasePage.aspx?PRID=1814120

If you are in Bangladesh, these are some agencies you can reach out to:

  1. Cyber Crime Portal https://www.cid.gov.bd/

  2. Cyber Frauds Helpline - Toll-free number 999 dmp.gov.bd/contact-us

Conclusion

Phishing tactics are constantly evolving, with scammers employing increasingly sophisticated methods to deceive individuals into disclosing sensitive information or clicking on harmful links. It is crucial to stay alert to unsolicited messages, particularly those requesting personal or financial details, and to verify the authenticity of emails and websites before proceeding with any actions.