The current pandemic has presented a unique situation that the world has never witnessed before. The lockdown across major cities globally and in India has led organisations to leverage technology to keep everyone connected and operating seamlessly. Back in India, as a record number of people continue to work from home in the wake of Covid-19, a new set of consumers are migrating to the world of e-commerce and online services. While this has also led to a greater number of people making digital payments for services otherwise paid for through face to face transactions, like groceries, medicines and bills, it has provided fraudsters an opportunity to exploit fear, curiosity and anxiety as citizens respond to the spread of Covid-19.
Frauds and scams are becoming increasingly sophisticated and technology driven. With the possibility of gathering a significant amount of personal information from social media platforms, new age fraudsters are more informed and well prepared to conduct their malicious activities at the most opportune time. The recent advisory to internet users by the Computer Emergency Response Team of India (CERT-In) on the increase in the number of cyberattacks – with more professionals being asked to work from home – proves the same. Since the outbreak, phishing attacks have emerged as the most common way of stealing personal information. According to Atlas VPN, the number of spoofed websites used for phishing rose by 350% since January, to more than 500,000 globally. With travel restrictions and social distancing norms expected to stay for the coming months, listed below are some common and frequently used phishing attacks and appropriate actions that consumers should take to keep their data safe. Here are the Dos and Don'ts:
Phone call phishing or vishing: It is typically a phone call where the caller poses as the representative of your credit card company or bank and asks for your card details and the three-digit security code, a one-time password or PIN to be shared over the call. Banks and financial institutions never ask for such sensitive information like PINs, much less over a call. It is advisable that consumers never give out personal information to anyone claiming to be a representative of a card company or bank over a phone call.
Email phishing: These are emails designed to look like they have come from a legitimate bank, government agency or organization. It asks recipients to click on a link that takes them to a page to confirm personal data, account information, etc. Consumers should look closely for spelling and grammatical errors, incorrect website URLs in the subject line or body and even compare it with earlier emails from the sender. Simply put, one should not proceed with suspicious looking links sent via text messages/ emails.
Text message phishing: Users receive a text message with a link that requests them to login to their bank account to verify a transaction, enter PIN or provide their CVV code, sometimes with the bait and threat of pending account closure. The text message may not necessarily contain the name of the bank. Consumers can cross check on any such information by calling the bank’s assistance numbers.
Website phishing: An unusual pop-up shows up on a site that requests for account information in return for an incentive, prize or lottery. Besides looking for misspelled words, users should also look for incorrect logos. While visiting an e-commerce website, online shoppers must check for ‘https’ instead of ‘http’, contact information and return policies thoroughly. It is advisable to shop from reliable websites and not fall prey to lucrative offers on an unknown one. Besides, it is better to ignore overly aggressive pop-ups and push notifications.
Social media phishing: Users receive a friend request from an unknown person with a post telling people to click on a link that asks for personal information. To put it simply, “if in doubt, leave out”. It is safer to not share any information with unknown ‘friends’ than get duped.
As we learn to adapt to new norms in everyday life, digital payments will become an integral element to how we transact. Taking simple precautions such as using password managers, saving passwords only on trusted devices and websites, turning on bank notifications and SMS alerts are a good safeguard in case login credentials are compromised. As no solution is fool proof, incorporating these safety measures can go a long way in staying a step ahead of fraudsters and protect yourselves.