Phishing:
Hacking the human mind is much easier than hacking a computer or a business. Attackers prey on human weaknesses such as fear, greed, trust, desire, ego, sympathy, ignorance, carelessness, and haste.
Fraudsters scam people using (1) phone calls, referred to as vishing, (2) SMS, referred to as smishing, and (3) email, referred to as phishing.
Phishing is a method of gathering personal or sensitive information using deceptive phone calls, SMS, emails, blogs, and websites, and then stealing data or money from the victims. The analogy is of an angler throwing out a baited hook (the phishing email) and hoping the victim bites. It appears to be an increasingly sophisticated form of cyber-attack, but at its core the fraudsters simply play on people's common sense and steal from individuals.
The availability of data on the dark web makes it easy for cybercriminals, even those with minimal technical skills, to launch phishing campaigns. Jamtara, a series on Netflix, is a direct replica of how phishing is done at Jamtara, a city in Jharkhand state.
Once the data from the dark web is purchased, all the attacker needs to do is send out emails, SMS, or WhatsApp messages to potential victims. PhishTank and OpenPhish are among the sites that keep crowd-sourced lists of known phishing URLs; these are often referred to as phishing kit sites.
Malware is also often sent via phishing emails, with the aim of infecting the victim's devices. The messages are often soft-targeted: for example, the attacker sends a spoofed email posing as the boss (the CFO) requesting that funds be transferred on an urgent, priority basis, and many corporates have fallen for this fraud. Emails used for phishing often carry .zip files or Microsoft Office documents with malicious embedded code, some of which lead to ransomware.
Other forms of phishing are (a) spear phishing, where fraudsters send a spoofed message crafted to appeal to a specific individual, and (b) whale phishing, a form of spear phishing aimed at the very big fish, i.e., CEOs or other high-value targets.
If you have been a victim of phishing, report it to the National Cyber Portal at https://cybercrime.gov.in/. It takes only a few minutes, and you do not even need to visit a police station to register a complaint.
Psychological factors used by scammers:
- Trust: People are inclined to trust others, and exploiting that impulse is the basis of social engineering.
- Ignorance: Lack of knowledge about social engineering attacks makes people and organizations vulnerable; scammers exploit this by pretending to be in a position of authority (such as an executive or manager of a bank).
- Fear: People are afraid of loss, and fraudsters exploit that fear. For example, they might send a message or make a call warning of the possible loss of employment, money, or access.
- Greed: Scammers/fraudsters promise rewards in exchange for divulging information; the catch comes in the form of advance taxes, security deposits, or customs fees demanded before the victim actually receives anything.
- Moral duty: People often feel obliged to help when asked, and scammers/fraudsters exploit this, especially by seeking donations during floods or Covid-19.
- Urgency: Scammers/fraudsters might call or email in the guise of a high-ranking chief executive officer who requires an urgent transfer of funds, usually via a spoofed email posing as the victim's boss.
- Panic / Anger: People do not think clearly when they are pressured to act quickly. Social engineers call you pretending to be support staff and present a frantic scenario that threatens your safety (such as the need to reset the expiry date of your credit/debit card).
Digital Safety Tips:
- Verify Short URLs or Links – Use tools such as https://www.unshorten.it or https://www.checkshorturl.com to reveal the destination of short URLs, even when they come from trusted sources.
- Double-Check Links Before Clicking – (a) Before clicking a web link or downloading attachments from unknown contacts, hover over the link to check its destination. (b) Use tools such as https://www.isitphishing.org/ or https://www.urlvoid.com to verify links.
- Do Not Share Sensitive Information via Email – Avoid sharing sensitive, personal, or proprietary information through email, regardless of who requests it.
- Verify Fund Transfer Requests – If you receive an email requesting a fund transfer (even from your boss), check the full email headers using tools such as (a) MXToolbox Email Header Analyser or (b) DNS Checker Email Header Analyser.
- Beware of Poor Language in Emails or Messages – Be cautious of emails or SMS with poor spelling and grammar, as they often indicate phishing attempts.
- Search Customer Care Numbers Cautiously – Avoid searching for customer care numbers on search engines such as Google. Instead, use the official app or website to find accurate contact information.
- Be Careful with QR Codes, OTPs, and Banking Information – Scanning a QR code or sharing your OTP, UPI PIN, bank card details, or CVV transfers money out of your account. Always stay vigilant.
- Enable Two-Factor Authentication (2FA) – Protect your social media, banking, and email accounts by enabling 2FA for an added layer of security. 2FA can be provided in many ways: (a) SMS token, (b) email token, (c) hardware token, (d) software token, (e) phone call, (f) biometric token.
- Do Not Share Your Screen During Sensitive Transactions – Avoid sharing your screen while performing online banking or logging into email and social media accounts.
- Install Genuine Antivirus and Anti-Malware Software – Ensure your devices are protected by installing original antivirus and anti-malware software to safeguard against cyber threats.
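As an added example (not part of the original article), the checks behind the "Double-Check Links" and "Verify Fund Transfer Requests" tips above can be scripted. The Python below parses a constructed spoofed-CFO fund-transfer email (placeholder .test domains, invented names) and flags a Reply-To that points away from the From domain, SPF/DKIM/DMARC verdicts that are not "pass" in the receiving server's Authentication-Results header, and links whose visible text names a different site than the href actually points to, which is exactly what hovering over the link would reveal.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (placeholder .test domains): a spoofed "CFO" transfer request
# whose Reply-To, authentication results and link target all betray it.
SAMPLE = """\
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=xyz-free.test; dkim=none; dmarc=fail header.from=example-corp.test
From: "Ravi Kumar (CFO)" <cfo@example-corp.test>
Reply-To: cfo.urgent@xyz-free.test
To: accounts@example-corp.test
Subject: URGENT wire transfer before 3pm
Content-Type: text/html

<p>Approve today: <a href="http://secure-pay.xyz-free.test/x">https://portal.example-corp.test/approve</a></p>
"""

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})")  # link text that names a site

def domain_of(header):
    """Domain of the first address in a header value ('' if the header is absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def phishing_indicators(raw_message):
    """Return human-readable red flags found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:          # replies would go to the fraudster
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):            # the receiving server's verdicts
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech.upper()} result is '{m.group(1)}', not 'pass'")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:                              # what hovering over links would show
        for href, text in ANCHOR.findall(body.get_content()):
            shown = HOSTLIKE.match(text.strip().lower())
            real = (urlparse(href).hostname or "").lower()
            if shown and shown.group(1) != real:
                findings.append(f"Link text shows {shown.group(1)} but points to {real}")
    return findings
```

A genuine internal request would normally show a Reply-To (if any) in the company's own domain, "pass" for all three mechanisms, and link text that matches the real destination.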