What are phishing, vishing and SMiShing, and how can you protect yourself?
Protect yourself against Phishing and Vishing: We have taken all efforts to protect our customers from fraudulent practices such as Phishing and Vishing; however, our efforts can be much more effective if you join hands with us to protect yourself.
What is Phishing?
Phishing is a method by which the fraudster attempts to obtain personal and financial information through legitimate-looking emails. Typically, the messages will appear to have originated from renowned and trustworthy domains. The e-mail usually contains a link to a fraudulent web page with the organization’s logo and content, and could request confidential details such as passwords, PIN, OTP, CVV, etc.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. (Wikipedia)
Here are some questions to ask if you think you have received a phishing email:
- Do you know the sender of the email? If yes, still be cautious before clicking a link. If no, do not click any links.
- Are there any attachments in the email? If so, is the attachment an executable (a file with the extension .exe, .bat, .com, .vbs, .reg, .msi, .pif, .pl, .php)? If so, do not click on the attachment. Even if the file does not have one of the above-mentioned extensions, be cautious about opening it. Contact the sender to verify its contents.
- Does the email request personal information? If so, do not reply.
- Does the email contain grammatical errors? If so, be suspicious.
- If you have a relationship with the company, are they addressing you by name?
- Have you checked the link? Mouse over the link and check the URL. Does it look legitimate or does it look like it will take you to a different Web site?
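Several of the checks above (executable attachments, requests for confidential details, and a link whose visible text names one site while its target is another) can be applied mechanically to a raw message. The following Python is an added example, not part of the original page; the `bank.example` and `lookalike.example` names and the message produced by `build()` are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".bat", ".com", ".vbs", ".reg", ".msi", ".pif", ".pl", ".php")  # from the checklist
SECRETS = re.compile(r"\b(password|PIN|OTP|CVV)\b", re.I)  # details named on this page
DOMAIN = re.compile(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)  # domain shown in link text

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def triage(raw):  # returns the checklist warnings that apply to one raw message
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if SECRETS.search(body):
                findings.append("asks for confidential details")
            collector = LinkCollector()
            collector.feed(body)
            for href, text in collector.links:
                host, shown = urlparse(href).hostname or "", DOMAIN.search(text)
                # Flag when the real host is neither the shown domain nor a subdomain of it.
                if shown and not ("." + host).endswith("." + shown.group(1).lower()):
                    findings.append(f"link shows {shown.group(1)} but opens {host}")
    return findings

def build(html, attachment=None):  # constructed sample message, not real mail
    m = EmailMessage()
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()
```

A message that passes these checks is not thereby safe; the remaining questions in the list (known sender, grammar, being addressed by name) still need a human reader.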
What is Vishing?
Vishing (or voice phishing) is when fraudsters obtain details through a phone call or a text message asking the recipient of the call/message to reveal confidential details. You may also be requested to call a particular number and asked to reveal or key in confidential details on the interactive voice response (IVR) system under the pretext of verifying your credit card-related information.
Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. It is sometimes referred to as ‘vishing’ – a portmanteau of “voice” and phishing. (Wikipedia)
To avoid being fooled by a vishing attempt:
- If you receive an email or phone call asking you to call and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call.
- Forward the solicitation email to the customer service or security email address of the organization, asking whether the email is legitimate.
Though vishing and its relative, phishing, are troublesome crimes and sometimes hard to identify, there are things that you can do to protect your identity.
Always remember, the Bank will never, through any medium, ask for:
- PIN (personal identification number)
- CVV (card verification value)
- OTP (one-time password)
- Card expiry date
- Your IndusNet login or transaction password
- Reward Points redemption information
What do you do when you receive such communication?
- Do not respond to such emails or messages, and do not call any number mentioned in them
- Do not click on the links or download the files or attachments
- If you suspect you have received a Phishing or Vishing communication claiming to be from the Bank, please contact us immediately
What is SMiShing?
Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text will contain a URL or phone number. The phone number often has an automated voice response system. Again, just like phishing, the smishing message usually asks for your immediate attention.
In many cases, the smishing message will come from a “5000” number instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.
Do not respond to smishing messages.