Phishing & Vishing

We all may not be fishermen or fisherwomen, but we know about fishing. Fishermen use bait to catch fish.

But what does fishing have to do with phishing?

Well, notice how ‘phishing’ sounds similar to ‘fishing’. Phishing, however, is a cybercrime – but works just like fishing.

The criminal is like a fisherman who baits you into sharing your personal and financial information. They then use it to access your bank accounts and rob you.

How does a phishing attack look?

In phishing, criminals contact potential victims through text messages and email. They act like a trusted source – like a bank or a well-known financial institution. They trap you into sharing personal details like your full name or date of birth, and financial information like your bank account number and password.

With these details, they can access your bank account and carry out transactions that cause you financial losses.

How can you identify phishing attacks?

• You may receive an email, a phone call, or an SMS announcing that you have won an attractive prize or a lottery. The sender may ask for your details so that they can send over your winnings.
• You could receive a message that says that you have a short time to respond to score a great deal or discount.
• Phishing messages can also look like warnings. They may threaten to suspend your social media or bank accounts unless you respond within the given time.
• Sometimes, phishing messages look like they have come from a respectable organization with a familiar name. This fools the target into trusting the sender. Inspect closely, and you will see that this ‘trusted’ source has a misspelled name.
• The message or email may contain a link or attachment that it asks you to click. If it looks like it is from a suspicious source, never open the attachment or click on the link.

How to avoid phishing attacks?

To avoid financial loss and protect your personal and financial data, you will always have to be careful.

• When visiting a website, always check the address. For example, when you need to enter your username and password on a bank’s website, always check if the address begins with “https” and not just “http”. Most trusted sites use “https” because it means more security.
• Suppose you receive an email from a suspicious source, asking you to reveal personal information. Copy-paste the name or the content from the email on the search bar of your browser, and press enter. If it was part of a phishing attack in the past, a website might have mentioned it.

What is vishing?

In a phishing attack, criminals target you through SMS, emails, or suspicious websites. In a vishing attack, criminals target you on the phone.

Criminals will usually call their victims and tell them a complicated story to get their personal information. For example, someone may call you and say that they are from XYZ bank or organization. They will tell you a complex story that ends with them asking for your details.

The vishing criminals may either sound calm and soothing to gain your trust. They can also sound tense and create fear and panic within you so that you reveal your details to them.

How can you identify vishing attacks?

It is usually difficult to tell if a call is legitimate or not. To avoid falling victim to such scams, always ask the caller to provide information that identifies them. Genuine callers usually don’t hesitate to provide such information. Even then, they must prove their identity properly.

For example, if a person says that they are calling from XYZ bank, you can call the bank and check for yourself whether the person works there. If possible, use another phone to call.

Also, you should be very careful with any phone call where the caller causes panic and fear and then requests personal information. Never give in to fear. Protect yourself by always separately verifying any information such callers give you. Avoid calling back numbers that have offered you suspicious services or information on calls.

Final words No bank or financial institution will ever ask you to reveal personal or financial information (including passwords) over calls, emails, or SMS.