With the ease of access to Internet surging in India, more and more people are joining online space as it has more convenience of performing work or request for service fright from the palm via a smartphone. However, if one is not vigilant, he or she will fall prey to hacking, phishing and other forms of online frauds ending up humiliated and in worst case lose big money.
In a bid to warn citizens of such cyber threats, government-run institutions such as the Income Tax department and also banks are sending emails and messages of dos and don'ts to safeguard financial details.
In recent times, phishing has become an epidemic in India, as more fraudsters masquerading as bank executives or IT officials are hoodwinking citizens to divulge bank details and robbing them online.
What is Phishing?
For those unaware, Phishing is a fraudulent practice of sending emails faking to be from reputable companies or a person from government establishment, in order to induce individuals to reveal personal information, such as passwords and credit or debit card numbers.
In India, fraudsters use mainly two methods, one via email and another through SMS.
In the first method, they create fake websites resembling government and bank websites to make it look authenticate. Then, they send fake warning emails to unsuspecting users saying that their bank card will get frozen if they don't renew it. (Another trick statement—Your bank account will be disabled within 48 hours if you do not comply or validate your credentials)
They will be asked to click on a link, and the unsuspecting victims fall for it and press it. Then, they will be taken to an unreliable website and lure them into installing malware by popping warning messages on their PC (or any smart devices) screen that there is a virus in the system and need to download anti-virus firmware immediately.
Again, fearing damage to their devices, naive individuals click the download button and end installing a malware. Then, hackers take control of victims' device and remote scan for sensitive information like financial data, including bank accounts, credit/debit card details, and sometimes personal photos. The hackers later sell them online or call the victim to demand ransom for not to circulate their intimate photos in the public domain.
In the second method, they send SMS to the victims with similar aforementioned debit card cancellation threat. They are well versed with the English language and give an impeccable impression that they are actual bank personnel.
Some also pose as Income Tax official asking victims to divulge bank account number so that they can refund the IT returns to the former's bank account.
In both the instances, they will say to the victims, an OTP (One Time Password) code will come as a confirmation. Within minutes, OTP will come to the mobile via SMS and the fraudsters, call back seeking that information. Before the victims come to the realisation, an SMS will come with the big amount drawn out from their bank account.
These things will happen within a few minutes and leave the victims mentally traumatised as they would have lost their money hard earned by working all through their life. There will be fewer chances of ever getting their money back unless you have insurance plans.
Here's what you need to do to keep yourself secured from online fraud like phishing:
- Make sure you have a reputable anti-virus software on your PC and phones
- Also, keep your email app (Gmail) on the mobile updated at all times (Google regularly releases anti-phishing security patches for Gmail on both Android and iOS versions)
- Never respond to emails from an unknown person and it goes without saying, never click the URL links present in that mail
- If you have downloaded a file from a mail, make sure to scan it again with the anti-virus app
- If email sender is not related to you or your work. Tag the mail as spam and block them.
- Make sure you have registered your mobile number with the bank so that you get credit/debit alerts every transaction you make
- Never ever open a website with non-https URL (Uniform Resource Locator)
- Never ever divulge User ID, Password, OTP, URN, Debit Card Grid values with anyone on email or SMS
- Always remember no bank or IT official will ever ask you to divulge bank card or credit card details on a phone call or an SMS or an email. If there is any issue, you should always go to your bank branch or nearest IT office for enquiry. You can even call toll-free IT number () for any query you have