How to spot and stop Phishing attacks

Phishing attacks have become increasingly frequent, targeting Indians through emails, text messages, and phone calls. As mobile devices become our primary gateway to digital services, India has emerged as a prime target for these deceptive schemes. Understanding how these scams work is thus important to safeguard your identity and your money.

Let’s break down Phishing and its types:

What is Phishing?

Phishing is a social engineering scam where fraudsters deceive people into revealing sensitive personal information or clicking malicious links that lead to downloading malware.

Phishers typically use deceptive emails that mimic legitimate organizations, like your bank, a social media platform, or even a government agency. These messages often create a sense of urgency, urging you to click a link, download an attachment, or provide personal details like passwords, debit / credit card numbers or aadhaar credentials.

How to Identify Phishing Emails

• Generic content: Legitimate emails typically address you by name, specify your details such as card number or account number if it’s from a banking entity or order number in case it’s an e-commerce brand. Phishing e-mails will have generic content and will only urge you to click on a link.
• Suspicious sender addresses: Check the email address carefully. It might contain misspellings or unusual characters.
• Urgent calls to action: Phrases like “Immediate action required” or “Your account will be suspended” are red flags.
• Requests for personal information: Legitimate organizations rarely ask for sensitive information via email.
• Grammar and spelling errors: Phishing emails often contain typos and grammatical mistakes.

How to Avoid Phishing

• Be skeptical of unexpected emails: Even if it looks like it’s from a trusted source, be cautious and don’t rush into clicking on the links without carefully reading the message and verifying the sender.
• Never click on links in suspicious emails: Instead, type the website address directly into your browser.
• Verify the sender’s identity: Contact the organization directly through a known phone number or website to confirm the email’s legitimacy.
• Keep your software updated: Antivirus software and web browsers can help detect phishing attempts.

What is Smishing?

Smishing (SMS phishing) is a type of fraud where scammers use text messages to deceive victims into clicking malicious links or providing personal information. They might impersonate delivery services, banks, or even claim you’ve won a prize.

How to Identify Smishing Scams

• Fake package delivery notifications: “Your package is arriving soon. Click here to confirm your address.”
• OTP and Personal Data Requests: Fraudsters trick individuals into sharing OTPs or personal details under the pretense of account verification.
• Fake contest or prize wins: “Congratulations! You’ve won a free gift. Claim it now!”

How to Avoid Smishing

• Don’t click on links in suspicious texts: Be wary of SMSs, even if the phone number looks familiar.
• Never reply with personal information: Legitimate organizations will not ask for sensitive data via text.
• Block suspicious numbers: This can help reduce the number of smishing attempts you receive.

What is Vishing?

Vishing (voice phishing) is a type of scam where criminals use phone calls to trick individuals into divulging confidential information. Vishers often impersonate technical support, government agencies, or even family members in distress. They use social engineering tactics to manipulate you into providing personal information or financial details.

How to Identify Vishing Scams

• Caller ID Spoofing: Fraudsters make calls seem like they come from legitimate sources.
• Emotional Manipulation: They create a sense of urgency, such as claiming your bank account has been compromised or that you owe taxes.
• Social Engineering: They ask for sensitive details, including passwords, PINs, or OTPs, under the guise of verifying your identity.

How to Avoid Vishing Scams

• Never disclose banking details or OTPs over the phone, even if the caller claims to be from a bank.
• Be cautious of unsolicited calls asking for financial or personal information.
• If in doubt, hang up and call the official customer service number of the institution.

The Common Thread: Manipulation

While the methods differ, phishing, smishing, and vishing all rely on manipulation. They exploit our trust, fear, or curiosity to trick us into acting against our best interests. By understanding how these scams work and practicing safe online habits, you can significantly reduce your risk of becoming a victim. Stay informed, stay vigilant, and don’t fall prey to phishing scams!

How to Report Phishing, Vishing & Smishing Incidents

If you suspect you have been targeted by a scam, report it immediately:

Reporting on PhonePe

• PhonePe App: Go to the Help section and raise a complaint.
• PhonePe Customer Care: Call 80-68727374 / 022-68727374.
• Webform Submission: Visit PhonePe Support.
• Social Media Reporting:
  • Twitter: PhonePe Support
  • Facebook: PhonePe Official
• Grievance Redressal: File a complaint at PhonePe Grievance Portal.

Reporting to Authorities

• Cyber Crime Cell: File a complaint online at Cyber Crime Portal or call 1930.
• Department of Telecommunications (DOT): Report suspicious messages, calls, or WhatsApp fraud via the Chakshu facility on Sanchar Saathi Portal.