Email has become a standard mode of communication today. We receive all kinds of email -- personal, official, and marketing mailers too. Cleverly written subject lines may draw our attention to certain emails. So it might be tempting to click on a click in an email that says: "It's your birthday and we are giving you a free SPA treatment. Click here to avail of this offer".
And if you do click that malicious link in the email newsletter, it will lead you to a website that asks for your personal credentials, in the guise of registering for the service. Worse, it may download a malware (malicious software) in the background that will snoop for sensitive information and send it back to a hacker. This activity is called Phishing.
Phishing is a fraudulent act that lures victims into sharing sensitive data such as bank details, logins, PINS, passwords, or biometrics with the attacker. In 2017 there was a record growth in phishing sites (fake sites), with over 1.3 million such websites surfacing on the internet. With the recent breach of the security firm RSA, it is clear that even experts aren’t immune.
Hackers and scammers post fraudulent links on websites. Clicking on these links will either install malicious software on your computer, or lead you to a false website that looks like a real banking website. These fraudulent links can also arrive through a convincing newsletter by email. You could also get an email from someone who pretends to be an authority in your bank, asking you to click a link and change your password. So be aware and look for the signs.
How to avoid phishing scams
Phishing is an ever-looming risk on the internet but taking certain precautions can prevent one from falling prey to such attacks. Unlike a direct invasive attack, phishing requires cooperation from the victim – it needs them to initiate some sort of action or volunteer sensitive information. Here’s how to avoid such scams:
Identify signs of fraud: Phishing websites and email will often be riddled with grammatical errors and fake branding. These are often tell-tale signs of a phishing attack, so carefully inspect a website before interacting with it. If the email or website contains offers and services too good to be true, they are usually designed to lure unsuspecting victims.
Look at the URL or website address closely. Do you see a misspelling in the bank name? A genuine bank website address will always be prefixed with 'https'. That is an indication that all communication between your browser and the bank's website is encrypted.
Click cautiously: Most phishing sites spread their reach on the internet by posting flashy and lucrative links on websites with high user traffic. Clicking on these can seriously compromise your security. It is advisable to inspect links before interacting with them. If they look suspicious, do a quick web search to identify the bank’s official website address or URL.
Exercise caution: Use only trusted and genuine software and services when banking online. Access websites only through official links and sources, and follow proper security procedures. Check if the website is secure by inspecting its URL for the SSL certificate (the web address will be prefixed with 'https'). It is advisable to have two devices – one for work and one for personal use – so that the security of the work device is never compromised.
How to recover from a phishing attack
Phishing scams can cause an incredible amount of damage to the victim. Hence, it is crucial to act on a strategy to minimise damage if you are the victim of a phishing attack.
Change all your passwords: Since the scammers could have access to all your accounts, the first step should be to change your login credentials and passwords to keep them out of the system and prevent further damage.
Contact the officials: The next step would be to call your bank and explain the situation to them. They will then freeze your account so that no further transactions can be conducted. The police department of most states has a cybercrime division, which needs to be informed as well.
Scan your system: After securing your system, scan it to ensure the attacker did not install any malware or backdoor software on the device for future attacks.
If you ever find yourself at the receiving end of a phishing scam, don’t panic. Even the most complicated attack can be resolved with the help of your bank and the police authorities. Above all, remember to exercise caution in all your online transactions!
Delete emails from unknown sources: Go through your Inbox once a week and delete marketing mailers and emails from unknown sources.
Read more on how to experience a secure online banking experience.
HDFC Bank has a secure banking policy to protect you from email phishing attacks. At HDFC Bank, we strive to give you a secure online banking experience. Learn all about banking online safely, and the measures we take to protect you here.
* The information provided in this article is generic in nature and for informational purposes only. It is not a substitute for specific advice in your own circumstances
