Phishing Scam
What is phishing?
In a phishing scam, fraudsters cast a wide net by sending out mass emails or messages, hoping to trick recipients into providing their sensitive information like their bank account information, credit card details, email ID/ passwords, and similar important personal information. These messages often contain urgent or alarming requests, targeting recipients to click on links or open attachments that lead to fake login pages or malicious software installations. The term "phishing" is derived from the idea of "fishing" for personal information and, hence, the nature of phishing is to send a scam message to as many people as possible.
Types of phishing scams
Phishing scams can be done through different mediums, including
- Email phishing:
Fraudulent emails designed to mimic legitimate organizations, often requesting recipients to update account information, verify log in credentials, or take urgent action to avoid consequences. Recently a lot of such phishing emails are reported by employees, where their company’s CEO or someone in the upper management is asking them for help. - Spear phishing:
Targeted phishing attacks aimed at specific individuals or organizations, often using personalized information obtained through research or data breaches to increase the credibility of the scam. - Smishing:
Phishing attacks conducted via SMS or text messages, where recipients are prompted to click on links or respond with sensitive information under the guise of urgent notifications or alerts. Some of the most common scams are where users are sent messages where they are required to change their banking details. - Vishing:
Phishing attacks conducted over the phone, where fraudsters impersonate trusted entities to deceive victims into providing personal or financial information verbally. The easiest is where the scammer tries to be someone the victim knows and cares for, and they try to create a distressing situation like they are stranded while they are traveling. - Clone phishing:
Scammers create fake copies of legitimate emails or websites, altering them slightly to appear authentic, then send them to targets to trick them into providing sensitive information.
Phishing scams examples
You receive an email that appears to be from your bank, informing you of suspicious activity on your account and urging you to click on a link to verify your information. The email may look legitimate, complete with the bank's logo and branding, but the link leads to a fake website designed to steal your login credentials.
You receive an email or text message claiming to be from a package delivery service like FedEx or UPS, informing you that a package couldn't be delivered and requesting you to click on a link to reschedule delivery. Clicking on the link may lead to a phishing website or trigger the download of malicious software.
You receive an email purportedly from the IRS or another tax authority, informing you that you're eligible for a tax refund and asking you to provide personal or financial information to claim it. The email may threaten consequences if you fail to comply, such as legal action or penalties.
You receive an email claiming to be from a well-known tech company like Microsoft, Amazon, or Apple, informing you of a security breach or software update and prompting you to click on a link to address the issue. The link may lead to a fake login page designed to steal your credentials or infect your device with malware.
You receive a message on social media from someone claiming to be a friend or acquaintance, asking for financial assistance, or sharing a link to a website offering exclusive deals or prizes. The message may be from a compromised account or a fake profile created by scammers to exploit your trust.
How to recognize phishing?
- Sender's email address:
Check the sender's email address carefully. Phishing emails often come from addresses that mimic legitimate organizations but may contain misspellings or slight variations. - Generic greetings or urgent language:
Be wary of emails that use generic greetings like "Dear Customer" or employ urgent language, such as "Immediate action required" or "Your account will be suspended." Scammers often use urgency to pressure recipients into acting quickly without thinking. - Suspicious links:
On a desktop, hover the mouse cursor over any links in the email (without clicking on them) to reveal the actual URL (for example, at the bottom left on Chrome browser). Phishing emails often contain links that lead to fake websites or malicious pages designed to steal your information or infect your device with malware. Look for misspelled URLs or URLs that don't match the purported sender. Only click on links in your text messages if you are sure of the source. Truecaller can also be helpful, for text messages. Once the app is installed, it lets you know whether a number is 'likely fraud' through its fraud detection services. - Requests for personal information:
Be cautious of emails requesting sensitive information like account numbers, passwords, Social Security numbers, or login credentials. Legitimate organizations typically won't ask for this information via email. - Unsolicited attachments:
Avoid opening email attachments from unknown or unexpected sources, as they may contain malware or viruses. Even if the attachment appears harmless, it's better to be cautious. - Unusual requests or offers:
Be skeptical of emails promising unexpected prizes, lottery winnings, or exclusive deals, especially if they require you to provide personal or financial information or make a payment upfront. If an offer seems too good to be true, it probably is. - Verify information independently:
If you're unsure about the legitimacy of an email, independently verify the information through official channels. Contact the organization directly using a trusted phone number or website (not the contact information provided in the email) to confirm the request or report suspicious activity. You can also search for the number on Truecaller and check if the number is marked as spam and if other users have left a comment for this number.
How to prevent phishing?
Create strong, unique passwords for your accounts and avoid using the same password across multiple platforms. Consider using a password manager to generate and securely store complex passwords.
Ensure that you are protected at all times by using Truecaller. You will be a part of a 420 million+ community worldwide that works towards making communication safer for everyone.
Whenever possible, enable multi-factor authentication (MFA) on your accounts. MFA adds an extra layer of security by requiring additional verification, such as a one-time code sent to your phone, in addition to your password.
Enable spam filters on your email account to help filter out phishing emails before they reach your inbox. Most email providers offer built-in spam filters that can help identify and block suspicious messages.
Keep your computer, smartphone, and other devices up to date with the latest security patches and software updates. This includes operating systems, web browsers, and antivirus or anti-malware programs.
Be careful about sharing personal information on social media platforms, as scammers may use this information to tailor phishing attacks. Avoid clicking on suspicious links or accepting friend requests from unknown individuals.
Where to report phishing scams?
If you've been a victim of a phishing scam, reach out to
- Your local law enforcement agency
- Your financial institution, like a bank
- Email service provider
- Credit reporting agencies
- You can also report the phone number of the fraudster on Truecaller. This could help the whole community from future fraud attempts!
If you are in the United States, these could be some agencies you could reach out to:
- Federal Trade Commission (FTC): You can file a complaint with the FTC online at https://www.ftccomplaintassistant.gov/
- Internet Crime Complaint Center (IC3): You can file a complaint with the IC3 at https://www.ic3.gov/
- Identity Theft Resource Center (ITRC) https://www.idtheftcenter.org/
- Better Business Bureau (BBB) (also works for Canada) https://www.bbb.org/
If you are in India, these could be agencies you could reach out to:
- Cyber Crime Portal https://cybercrime.gov.in
- Sanchar Saathi Suspected Fraud Communication Reporting https://sancharsaathi.gov.in/sfc/
- Cyber Frauds Helpline - Toll-free number 1930 https://www.pib.gov.in/PressReleasePage.aspx?PRID=1814120
Conclusion
Phishing tactics continue to evolve, with scammers using increasingly sophisticated methods to trick individuals into revealing sensitive information or clicking on malicious links. It's essential to remain vigilant of unsolicited messages, especially those requesting personal or financial information, and to verify the legitimacy of emails and websites before taking any action.