Are you vulnerable to fraud attacks? Here’s your safety kit

We Indians are increasingly using digital means to transact and invest.  Unfortunately, many of us don’t take online safety and internet hygiene seriously. Lack of awareness or careless behaviour can cost us a pretty penny in the world of digital wallets, mobile apps, internet banking and online shopping.

Online safety starts with behavioural safety.

Almost all of us were taught as children not to talk to strangers. But, in the digital world, the real trouble starts when a stranger communicates with you as one of your acquaintances. In general, such attacks are called ‘phishing’ attacks when clubbed together. Unless you are alert, fraudsters can trick you. You might end up losing money and sharing your sensitive personal information with attackers.

Mediums fraudsters often use

• Inbound telephone calls (popularly known as vishing)
• Email
• Websites
• Apps

Countries vulnerable to phishing attacks…

(source: RSA)

Did you know?

According to RSA, out of total cyber fraud attacks detected by RSA in Q3, 2018, 50% stemmed from phishing activities and another 24% from fraudulent mobile apps. India ranked 4 only behind Canada, the US and Netherlands on the list of countries facing the most phishing attacks.

Motives of Phishing attacks…

• Most of the time, the motive of targeted phishing attacks is to make financial gains.
• Oftentimes, phishing attacks are perpetrated to steal sensitive organisational information or your personal information
• They are also used as a medium to launch more lethal attacks in future.

It’s crucial to know more about the modus operandi of attackers

Attackers would seldom target just one individual. They would target as many customers of a bank or an e-commerce website as they can. If they use emails as a medium, they will undertake the following series of actions.

They will copy the genuine mailers sent out by a bank or an e-commerce website and make changes.

As a next step, they will change all the original links and insert the malicious ones.

Possibly they will also change the contact numbers as well.

If you respond to any of these communications, or click on the links or make a call, you might start sharing all sensitive information that you shouldn’t share with anyone.

If you click on the link, it will redirect you to the original website only after stealing your login credentials or may even direct you to a fake website that pretends to be the original one.

Fraudsters might send you a mailer, posing as a brokerage house, an e-commerce website or even a travel aggregator and make you divulge your personal information to make financial gains.

Can you do anything about it?

Of course you can.

As said earlier, behavioural safety is your best defense. Before you entertain any mail in your inbox, inspect it closely.

Here’s how you can safeguard yourself from phishing attacks

• Always check who the sender of the mail is.
• Also closely inspect the security details of the mail.
• Ensure that the sender of the mailer is one who’s signed it.
• Also, check the encryption level. If the mail isn’t encrypted, there’s a likely chance that an intruder can read the communication between you and the sender. Be wary of responding to such mails, particularly if there’s a call for action.
• Never click on any link of a mail even when it looks genuine unless it ticks all boxes given above.
• As an additional measure, you can read the text of the mail. If there are too many grammatical errors or the use of substandard and unprofessional words, there’s a possibility that somebody has modified the original mail.

Beware of rogue mobile apps

Along with email phishing attacks, crooks are also taking advantage of the popularity of apps to trick gullible people. If you download a wrong (fake app) you might end up giving away access to crucial data on your phone to fraudsters.

Therefore, when downloading a new app, pay attention to the number of downloads. Rarely will fake apps have a high number of downloads. Similarly, please bother to check who’s offering it. You would be better off using a paid app advisor which will weed out defrauding apps and issue you warnings about potential data sharing an app might be undertaking at the back-end.

Dealing with fraudsters smarter than victims…

With time, fraudsters are getting smarter. Gone are the days when somebody from the remote corners of India contacted you as a representative of the bank you have an account with. People are getting smart and avoiding such calls. But, fraudsters have become smarter too.

There have been umpteen instances wherein borrowers and investors were lured to make outbound calls. A racket trying to defraud people creates a fake identity, sets up a rogue website, does search engine optimisations and gives you the impression that it’s a genuine company. Such rackets even get landline numbers or alter their names for apps such as Truecaller.

If you call them on their landline, they will start talking to you as genuine employees of the organisation and one fine day you would realise you have been duped.

Beware of free stock recommendations coming from unknown sources

If you are a stock market trader/investor, crooks might share with you unsolicited recommendations through SMS’ and make you do an outbound call at a fake number. If you contact them, you would open a can of worms for yourself.

The best way to avoid getting trapped is to block all numbers sending you any free recommendations without having a business relationship with you.

Please remember, there are no free lunches.

Using your debit and credit cards online safely

Unless a website uses bank-grade encryption, don’t undertake any transaction on it. If you are using a reputed browser, the browser will depict whether or not the communication between you and the website is secure and private. You might use an additional layer of browser safety by using third-party browser extensions that protect you from phishing and spoofing attacks.

Develop good habits to ensure safety of data

1. Use a strong password with at least 12 characters (which contains at least one capital letter and one special character such as ‘#’,’$’ or ‘%’ to depict a few).
2. Never use the same password for multiple websites.
3. Use two-step authentication for all your accounts (wherever possible)
4. Never store your debit or credit card details on any website even if they promise you safety and convenience.
5. Don’t use free WiFi services. Attackers might exploit them to install malwares on your mobile and laptop.
6. Always install updates for apps that you use for making transactions which include e-wallets and banking apps among others.
7. Be wary of apps that seek extensive permissions, especially ones they don’t require for smooth functioning.

If you deal with any company that doesn’t care about the safety of your data, your data can get leaked to scammers without any fault on your side. We all use our email ids to login at various websites. If any of these websites fail to protect your data, a data leakage can happen.

Are you scared of your online account getting compromised? Don’t worry you can check that here.

Using a digital medium to transact and invest is just like using a highway to drive your car. If you follow traffic rules and safety measures, you will have a pleasant experience in digital India.

Have a safe journey on digital highways!

Disclaimer:

We, Ventura Securities Ltd, (SEBI Registration Number INH000001634) its Analysts & Associates with regard to blog article hereby solemnly declare & disclose that:

We do not have any financial interest of any nature in the company.

We do not individually or collectively hold 1% or more of the securities of the company.

We do not have any other material conflict of interest in the company.

We do not act as a market maker in securities of the company.

We do not have any directorships or other material relationships with the company.

We do not have any personal interests in the securities of the company.

We do not have any past significant relationships with the company such as Investment Banking or other advisory assignments or intermediary relationships.

We are not responsible for the risk associated with the investment/disinvestment decision made on the basis of this blog article.