Beware! This online mistake can reduce your bank balance to zero

Not long-ago fraudulent activities were committed by casual fraudsters. Today, fraud complexity has been taken to a whole new level with the help of very sophisticated methods that ensure complete control of the target person’s bank or credit/debit card. They are after your hard-earned money and the best channel of attack for them is your online banking, debit and credit card universe.

Phishing is one of the oldest and most often used techniques by fraudsters. This modus operandi is used generally to extract sensitive information such as personal details, bank account numbers and associated passwords, PINs, etc. via fake e-mails. For example, it is common to receive messages like "Dear user your account will be close today click here on the link and update your pan card number". This is an attempt to capture your confidential personal details like user ID, Password, 3D Secure PIN, Date of birth, CVV number etc.

What is Phishing?

In phishing the target individual receives an email or message which is made to look like as if from the bank asking for account details, specifying a very urgent purpose. Often there is a line of disguised threat that in case if the details are not provided the account will be blocked etc. In such messages, generally, a shortened link is specified which needs to be clicked for completing the activity mentioned in the mail. When clicked, it leads to a look-a-like website that is designed almost exactly like the bank’s official site. From there on, everything that is typed is known to the fraudster.

“Phishing is a popular form of cybercrime that attempts to steal your money, or your identity, by getting you to reveal personal information such as credit card numbers, bank information, or passwords on any websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website,” explained S. K. Sethi, author of “1 Cyber Attack Can Ruin You Forever,” a book on cybercrime. 

How to avoid phishing scams?

Puneet Kapoor, President - Products, Alternate Channels and Customer Experience Delivery, Kotak Mahindra Bank Ltd shares a few tips that can be handy while detecting phishing:

• Do not share your personal and confidential information like Card details (number, PIN)/OTP/CVV, etc. with anyone. Remember, the Bank or any of its executives will NEVER ask you for such details.
• More often than not, phishing emails/SMSes contain numerous spelling errors. These errors may exist not only in the text of the email/SMS sender ID, but also in the URL therein.
• There is a sense of urgency embedded in the messages if you pay attention to the language used. They urge you to take action now or an extreme measure would be undertaken, such as the termination of your bank account/blocking of Credit/Debit card or PAN.
• Avoid responding to any SMS sent from unknown numbers or email IDs. If the SMS is asking you to take urgent action, then you should visit the official website directly and not click on the SMS link or take any further action.
• Refrain from clicking on links that come from unknown web terrains as well. Whenever you wish to visit the Bank’s website, type out the complete URL in the browser. Do not click on any link that has been sent to you with the promise of taking you to the bank’s site.

What to do if you are a victim of Phishing Scam?

According to Sethi, if you're suspicious that you may have inadvertently fallen for a phishing attack there are a few things you should do immediately:

• While it's fresh in your mind write down as many details of the attack as you can recall. In particular try to note any information such as user names, account numbers, or passwords you may might have shared.
•  
• Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you're changing passwords you should create unique & strong passwords for each account every time.
• Confirm that you have multifactor authentication (also known as two-step verification) turned on for every account you can.
• If this attack affects your work you should notify the IT support team at your work of the possible attack and the precautions to be taken. If you shared information about your credit cards or bank accounts you may want to contact those companies as well to alert them to possible fraud so that they are careful in handling the withdrawal of money or debiting your card.
• If you've lost money or been the victim of identity theft, report it to local law enforcement ( cyber crime cell of the police station )immediately with all available supporting documents. Calling 1930 and registering your loss/complaint is a good idea.