A few days ago, I watched the Netflix series Jamtara, and I was surprised at how many educated and well-placed people fall victim to phishing so easily. They shared their debit card and bank details without any hesitation when informed of a lottery win or warned of a blocked card.
This is despite a sustained campaign by the banks and RBI advising people to stay alert and not to share card and bank account details, especially the OTP.
What is phishing?
Phishing is the act of inducing people to share their card, bank account and other personal details, including passwords and OTPs, by claiming to be the official bank, another authoritative site, or its representative.
Here are some typical methods the criminals employ and tips to avoid getting conned.
Zoom video conferencing tool
During the lockdown period, we have to work from our homes and Zoom has become very popular for team meetings, online teaching, etc. However, you need to follow some precautions while using Zoom to avoid getting hacked.
- Don’t use the same password for Zoom that you use for your email account(s) or other important accounts like online banking. If the Zoom software is hacked, your password may get stolen and misused.
- Always set up a password for every meeting so that uninvited people cannot join your meeting.
- Set up a waiting room. This way, whoever joins waits in the waiting room and only you can allow them in after verifying their identity.
- Check the Zoom settings and disable all the settings that you think are not relevant.
- If you are hosting a Zoom meeting, don’t just leave after the meeting is over. You should close the meeting.
- Don’t allow the participants to share their screen unless you really want them to.
- Don’t allow private chat between participants during the call.
- If you have a paid account, you can choose to use a US-based encryption server in place of the Chinese server.
This will keep your usage of Zoom safe, and the chance of getting hacked or of inappropriate content being shown is greatly reduced. This is especially useful for those having critical conversations or where young kids are involved (like in online teaching).
- Don’t click the links in an email that may (or may not) come from your bank. Always type the address of the bank site. You can keep this bookmarked in your browser.
- Before logging in, make sure that the site name is correct. It should be axisbank.com, not ax1sbank.com or similar.
- An address like axisbank.com.mysite.com is also bad. After axisbank.com, there should be a slash (/) and not another dot (.).
- Verify that there is a closed lock sign before the bank address.
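The address checks in the list above, written out as code (an added example, not part of the original post): it parses a link and compares the host name with the bank domain you expect. The function names, result labels and sample links are made up for this illustration. A closed lock only shows that the connection is encrypted, so the host name is checked first.

```javascript
// Added example: classify a link against the bank domain the reader expects.
// EXPECTED comes from the article; result labels are made up for illustration.
const EXPECTED = "axisbank.com";

// Levenshtein edit distance, used to spot one- or two-character lookalikes.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function checkBankUrl(link, expected = EXPECTED) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid";
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Genuine: the host is the bank domain itself or ends with ".<bank domain>".
  if (host === expected || host.endsWith("." + expected)) {
    return url.protocol === "https:" ? "ok" : "not-https";
  }
  // Bank name followed by another dot: axisbank.com.mysite.com
  if (("." + host).includes("." + expected + ".")) return "embedded-in-other-domain";
  // Last two labels are close to, but not equal to, the bank name: ax1sbank.com
  const registered = host.split(".").slice(-2).join(".");
  if (editDistance(registered, expected) <= 2) return "lookalike";
  return "different-site";
}

// Constructed sample links, including the two bad addresses from the article.
for (const link of ["https://www.axisbank.com/login", "https://ax1sbank.com/login",
                    "https://axisbank.com.mysite.com/login"]) {
  console.log(link, "->", checkBankUrl(link));
}
```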
As the banks have announced a plan to allow moratoriums on term loan EMIs due to the lockdown, lots of scammers are calling and asking for bank account and debit card details to enable delays in the EMIs. Do not fall for this. If you really need a moratorium, log in directly to the bank site and put your request there.
Credit & Debit cards
- Your credit or debit card won’t be blocked just like that. If anyone calls you warning of this, be super skeptical. Don’t share your details. Be adamant. Tell them that you can confirm with yes/no but the caller has to provide the detail. If they won’t, decline and end the call.
- The same precautions apply to credit card limit enhancement. I get frequent calls proposing a limit enhancement if I share a piece of protected information. I always refuse.
- Never share the OTP you have received with a caller.
- Debit card PINs are another security challenge. If you really need to write one down somewhere, you can add 1 or 2 to every digit to fool the thief. So, if the PIN is 2487, you can write it down as 4609.
If someone claims to make a payment through UPI (PayTM, Google Pay, PhonePe, etc) and asks you to confirm receipt by entering your UPI password, you are being cheated. You do not need to enter any password to receive payments.
Many of us pay with our credit cards in restaurants. You should ask the captain or the waiter to bring the card swipe machine to your table rather than give him the card. There is a serious risk that he may copy your card details or take a photo and use it to commit online fraud. It is quite easy to use the card details to buy things online at an international site because they don’t send an OTP to verify the transaction.
In fact, I have pasted a small strip of paper over the CVV so that the staff cannot see it when they swipe the card at a restaurant or petrol pump.
If you receive an email from an email service you use telling you that the account has been blocked and you need to verify your password after clicking a link, this is definitely a phishing attempt. Do not panic and do not click any such link.
Password trick – several sites need you to specify a complicated password and you end up writing the password somewhere for ease of remembering. This is a strict no-no.
You can use Hindi or Bengali (or another local language) words in your password to make it sound complex. Example: Kyon#Bataoon$12. Another example: Isme$Tera$Ghata@123 😊
No company gives out free motorcycles or other freebies on special occasions. These types of messages are common on WhatsApp. The site address will be something like hero-motors.info. These are all fake sites and you should resist the temptation.
Once you handle your personal details with a bit of precaution, you will stay safe. If you ever get cheated due to a lapse of caution, immediately inform your bank in writing and also file a complaint with the cyber-cell. They can get the transactions reversed in many cases if you act quickly.
Please share a comment below if you have other tips and I will update this post with due credit to you. We can make this world a safer place, together.
1 thought on “Phishing: Getting Conned is No Fun”
The scammers know that a lot of people don’t give out passwords nowadays so they’ll not ask for that. They’ll say that they need to verify that your account is working properly and you can help with that by installing TeamViewer (or similar apps). A person who might think that TeamViewer is a scam will see the huge number of installs and good reviews and be convinced that he has finally been approached by a genuine bank employee and install the app without actually knowing what it does and complete the setup as guided by the scammer. The scammers now see the target’s screen, and at this moment generate a transaction. The target gets an OTP message and is confident that because he has not shared it, he’s safe, while the scammers see the message directly as they have access to the target’s screen and steal the OTP, completing the fraudulent transaction.