2 days ago, I started watching the Netflix series, Jamtara and I was surprised at how many educated and well-placed people become a victim of phishing so easily. They were sharing their debit card and bank details so easily without any hesitation when informed of a lottery win or warning of a blocked card.
This, despite a sustained campaign by the banks and RBI to advise people to stay alert and not to share the card and bank account details, specially the OTP.
What is phishing?
The act of inducing people to share their card, bank account and other personal details including passwords and OTPs by claiming to represent the official bank or other authoritative site or its representative.
Here are some typical methods the criminals employ and tips to avoid getting conned.
- Don’t click the links in an email that may (or may not) come from your bank. Always type the address of the bank site. You can keep this bookmarked in your browser.
- Before login, make sure that the site name is correct. It should be axisbank.com, not ax1sbank.com or similar.
- An address like axisbank.com.mysite.com is also bad. After axisbank.com, there should be a slash (/) and not another dot (.)
- Verify that there is a closed lock sign before the bank address.
Credit & Debit cards
- Your credit or debit card won’t be blocked just like that. If anyone calls you warning of this, be super skeptical. Don’t share your details. Be adamant. Tell them that you can confirm with yes/no but the caller has to provide the detail. If not, regret and cut the call.
- Same precautions for credit card limit enhancement. I get frequent calls proposing a limit enhancement if I tell a piece of protected information. I always refuse.
- Never share the OTP you have received with a caller.
- Debit Card PINs are other security challenges. If you really need to write down somewhere, you can add 1 or 2 to every digit to fool the thief. So, if the PIN is 2487, you can write it down as 4609.
If someone claims to make a payment through UPI (PayTM, Google Pay, PhonePe, etc) and asks you to confirm receipt by entering your UPI password, you are being cheated. You do not need to enter any password to receive payments.
Many of us pay with our credit cards in the restaurants. You should ask the captain or the waiter to bring the card swipe machine to your table rather than give him the card. There is a serious risk that he may copy your card details and use it to commit online fraud.
In fact, I have pasted a small strip of paper on the CVV so that the staff cannot see the CVV when he swipes the card in a restaurant or the petrol pump.
If you receive an email from an email service you use telling you that the account has been blocked and you need to verify your password after clicking a link, this is definitely a phishing attempt. Do not click any such link.
Password trick – several sites need you to specify a complicated password and you end up writing the password somewhere for ease of remembering. This is a strict no-no.
You can use Hindi or Bengali (or another local language) words in your password to make it sound complex. Example: Kyon#Bataoon#12. Another example: Isme$Tera$Ghata@123 😊
No company gives out free motorcycles or other freebies on special occasions. These types of messages are common on WhatsApp. The site address will be something like hero-motors.info. These are all fake sites and you should resist the temptation.
Once you handle your personal details with a bit of precaution, you will stay safe. If you ever get cheated due to a lapse of caution, immediately inform your bank in writing and also file a complaint with the cyber-cell. They can get the transactions reversed in many cases if you act quickly.
Please share a comment below if you other tips and I will update this post with due credit to you. We can make this world a safer place, together.