Know how fraudsters commit cyber fraud via phishing attacks!

These days, fake emails and SMS are being sent to people in the name of providing Income Tax Refunds (ITR). They contain a link that is said to belong to the Income Tax Department. The message or email asks recipients to click on the link and verify their bank account details in order to receive the ITR refund.

  • Last Updated : May 17, 2024, 14:11 IST

As cases of cyber fraud are increasing in the country, even well-educated individuals are falling victim to such scams. Cyber frauds come in various forms, and one of these is phishing attacks. In India, people receive phishing emails extensively, and by falling prey to such scams, they are losing their hard-earned money. According to cloud communications company Tanla Platforms, around 30 crore people in the country are at risk of phishing attacks. Out of these, approximately 5 lakh individuals become victims of such frauds. Among those who fall prey to these scams, only 7 percent actually report the incidents, as per the company's data.

Now the question is: what is phishing?

Phishing is a cybercrime where individuals are contacted via email, telephone, or text messages. Cyber criminals pose as reputable institutions, agencies, or companies, and deceive people into sharing sensitive personal details like banking information, credit/debit card details, and passwords. To understand this, consider an example. These days, fake emails and SMS are being sent to people in the name of providing Income Tax Refunds (ITR). They contain a link that is said to belong to the Income Tax Department. The message or email asks recipients to click on the link and verify their bank account details in order to receive the ITR refund.

When you click on the link, a page that looks just like the Income Tax e-filing page will open. On this page, you will be asked to enter personal details to claim the income tax refund. These personal details may include your full name, PAN card details, Aadhaar number, bank account details, ATM card PIN, and more.

After you enter the details, the web page will prompt you to install an app. Once installed, the app requests device administration rights and several other access permissions. Once you have granted these permissions, your bank account will be emptied within a few minutes.

Similar scams are being carried out as well. For instance, last year, phishing emails were sent to people in the name of the jewelry company Tanishq. The emails claimed that, on the occasion of the company’s 30th anniversary, individuals were being given a chance to win ₹6,000. To claim the prize, they just needed to answer a few questions.

The purpose of this phishing email was also to steal people’s personal details and deceive them. You must’ve understood what phishing is by now.

Now, let’s look at how people are tricked through phishing emails, what the process of the scam is, and how you should remain vigilant.

Firstly, these scams present offers that seem “Too Good To Be True.” This means that emails or messages come in, claiming that you’ve won an iPhone, a lottery, or some other grand prize. The aim is to grab your attention. Be cautious here, and avoid clicking on any suspicious email. Remember, if something seems too good to be true, then it probably is.

Secondly, a sense of urgency is created. This is a favorite tactic of cyber criminals. They will say that the deal or offer is only available for a limited time and that you have only a few minutes to respond. This is a red flag. Ignore such claims whenever you encounter them. Whenever you’re in doubt, go directly to the official website of the organization, and if there’s a chatbot, ask about the offer.

Take the Tanishq example discussed above: what should you have done if you received such an email? You should either ignore it or check the official Tanishq website. After all, if it’s their 30th anniversary, they would surely have some information about it on their site, wouldn’t they?

In the email, the links provided to websites will likely have some misspellings or variations in their web addresses. For instance, if a claim is made about a site belonging to Delhi Development Authority (DDA), the website links might look like https://DDAflat.org.in/index.php, www.ddaflat.org.in, www.ddaeauction.in, and www.ddahousingyojana.com, while the actual legitimate website of DDA is dda.gov.in (https://dda.gov.in).
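The check described above can be automated. The following is an added example, not part of the original article: it compares a link's hostname against an allowlist of official domains and flags hosts that merely contain the brand name. The allowlist, the `dda` brand token and the two entries marked "constructed" are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist holds the one legitimate DDA address given in the article.
OFFICIAL_DOMAINS = {"dda.gov.in"}
# Assumption: brand string whose presence in a non-official host marks a lookalike.
BRAND_TOKENS = {"dda"}


def hostname_of(link):
    """Return the lowercase hostname of a link, with or without a scheme."""
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat "www.example.in" as a host
    return (urlsplit(link).hostname or "").rstrip(".")


def classify_link(link):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a link."""
    host = hostname_of(link)
    if not host:
        return "invalid"
    for official in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; a substring test would be wrong here.
        if host == official or host.endswith("." + official):
            return "official"
    if any(token in label for label in host.split(".") for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# Links quoted in the article, plus two constructed entries (marked).
SAMPLE_LINKS = [
    "https://dda.gov.in",
    "https://DDAflat.org.in/index.php",
    "www.ddaflat.org.in",
    "www.ddaeauction.in",
    "www.ddahousingyojana.com",
    "https://dda.gov.in.example.com/refund",  # constructed
    "https://example.org/news",               # constructed
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

The brand-token match is deliberately coarse and can flag unrelated hosts that happen to contain the same letters, so a "lookalike" result is a prompt to verify on the official site rather than a verdict.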

Additionally, the email may contain attachments. Never open those attachments. They might contain viruses or other malware that could compromise your system and steal your data. In cases like these, being cautious and aware is the biggest form of security.

Published: August 23, 2023, 13:28 IST