Phishing Attack: How To Avoid Falling Into Its Trap

Have you ever received an email that seemed a bit off? Maybe it claimed to be from your bank, but something felt fishy about it. If you’ve ever been unsure about an email asking for personal information, you might have come across a phishing attempt. 

Don’t worry; you’re not alone. According to Tanla Platforms, about 30 crore people are vulnerable to phishing attacks in India, of which 5 lakh potentially fall prey to scamsters. And only 7% of those who get scammed report the crime. India ranked third globally and first in the Asia-Pacific region in the list of 111 countries affected by a concerted phishing campaign.

Let’s explore what phishing is, how it works, and most importantly, how we can protect ourselves from falling into its trap.

What is a Phishing Attack?

In very basic terms, it’s when someone pretends to be someone they’re not to steal our personal information. They might act like our bank, a popular website, or even a government agency, but it’s all a lie!

Imagine getting an email that looks exactly like it’s from our bank. It says there’s a problem with our account, and we need to click a link to fix it. But when we click that link, it takes us to a fake website that looks real! When we enter our login details there, the scammer gets our username and password.

Now, the primary objective of phishing is to steal our sensitive data, like login credentials, credit card numbers, or other personal info. Once they have this information, they can use it to steal our money, make fraudulent transactions, or even sell our data to other criminals.

How Does It Work?

First, the cybercriminals create a convincing trap, like a fake email from the bank, to lure us into their scam. They often impersonate well-known organizations to gain our trust.

Once we take the bait and click on the link in the email, we are taken to a website that looks exactly like our bank’s login page. However, this website is a clever imitation, set up by the attackers.

The fake website’s purpose is to trick us into entering our login credentials and other sensitive information, such as our account number, password, and even our debit/credit card details. Armed with this information, the attackers can steal money from our bank account, commit identity theft, or sell our data on the black market. 

After obtaining our information, the attackers may redirect us to the actual website or display a generic error message to make it seem like nothing unusual happened.

For instance, during the tax season, scammers may send fake emails posing as the Income Tax Department. These emails claim that you are eligible for a tax refund and ask you to click on a link to claim it. The link leads to a fraudulent website that looks like the official Income Tax Department portal. Here, they ask you to provide your PAN (Permanent Account Number), bank account details, and other personal information to claim the refund.

Scammers can also create fake websites that look like popular shopping sites, tricking us into entering our credit card info during checkout.

Signs of a Phishing Attack

Phishing attacks can be highly convincing, and it’s essential to stay vigilant. Here are some signs that we are being targeted by a phishing attack.

Urgent or Fear-Inducing Messages: Phishers create a sense of urgency to trick us into acting quickly without thinking. For instance, we might receive an email saying our account will be blocked in 24 hours unless we click a link to verify our details immediately.

Suspicious Email Address: Check the sender’s email address carefully. Scammers may use addresses that look similar to legitimate ones but have slight variations. For instance, instead of “support@icici.com,” it could be “support@icicic.com” (extra c at the end).

Misspellings and Grammar Errors: Phishing emails often contain spelling mistakes and grammar errors. 

Unusual URLs: Hover the mouse over any links in the email (without clicking) to see the destination URL. Phishers might use deceptive URLs that resemble legitimate ones. For example, “www.icici.com” could be “www.icicic.com” (extra c at the end).

Unsolicited Requests for Personal Information: Be cautious if an email asks for sensitive information like passwords, PINs, or credit card details. Legitimate organizations never request such information via email.

Too Good to Be True Offers: Phishing emails may promise amazing rewards or prizes to lure you in. For instance, an email claiming you won a huge cash prize in a contest you never entered.

Emails from Unknown Sources: Be wary of emails from unknown senders or companies you’ve never interacted with. For example, an email claiming to be from a government agency but with no prior communication history.

Requests for Money or Donations: Phishers may impersonate charitable organizations to ask for donations. Verify such requests through official channels before contributing.

Unusual Attachments: Don’t open email attachments from unfamiliar sources, as they could contain malware. For instance, an email from an unknown sender with an attached file claiming to be an invoice.
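
The sender-address and link checks described above can also be automated. The following is an added example, not part of the original article: it flags a sender domain or link host that is one or two characters away from a trusted domain, using the article's icici.com / icicic.com case. The trusted list, the distance threshold of 2 and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the reader really deals with; icici.com is the article's example.
TRUSTED_DOMAINS = {"icici.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if 0 < edit_distance(tail, good) <= max_distance:
            return f"lookalike:{good}"
    return "unknown"

def check_message(raw: str) -> dict:
    """Classify the From: domain and each http(s) link host (bodies are not decoded)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    return {
        "sender": classify_host(sender.rpartition("@")[2]),
        "links": {h: classify_host(h) for h in sorted(hosts) if h},
    }

# Constructed sample message built from the article's lookalike example.
SAMPLE = """From: ICICI Support <support@icicic.com>
Subject: Your account will be blocked in 24 hours

Verify your details now: http://www.icicic.com/verify
Official site: https://www.icici.com/
"""

if __name__ == "__main__": print(check_message(SAMPLE))
```

A result of "unknown" only means the host is not close to a trusted name; it is not a sign that the host is safe, so the other signs in this list still apply.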

How To Report Phishing Incidents

Reporting phishing incidents to the relevant authorities is important to help combat cybercrime and protect others from falling victim to similar scams. Here’s how to do it:

Save Evidence: Take screenshots or save the phishing email or website as evidence. This will help the authorities in their investigation.

Contact Bank or Organization: If the phishing attempt impersonates a specific bank or organization, contact their official customer support immediately. They often have dedicated channels for reporting such incidents.

Forward the Email: If the phishing email claims to be from a well-known company or organization, forward the suspicious email to their official customer support or security team. They can investigate and take appropriate action.

Report to CERT-In: The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for handling cybersecurity incidents. Incidents can be reported to CERT-In via email (incident@cert-in.org.in) and phone (1800-11-4949). Include all relevant details and evidence in your report.

File a Complaint with Cyber Cell: If you have been a victim of a phishing scam, you can file a complaint with your local Cyber Crime Investigation Cell or the nearest police station. Provide them with all the evidence you have collected. The Ministry of Home Affairs in India operates the National Cyber Crime Reporting Portal (https://cybercrime.gov.in) where you can report cybercrime incidents, including phishing attempts.

Report to RBI: If the phishing attempt is related to a financial institution, you can report it to the RBI at their email address, cybercell@rbi.org.in.

Provide as much information and evidence as possible when reporting, as it will aid in the investigation process. Stay vigilant and educate others to prevent cybercriminals from succeeding in their fraudulent attempts. And never share sensitive information via email or on unknown websites.
