Every day, we see phishing scams happening around us. We read in the newspapers and on the internet that people have lost their hard-earned money to cybercriminals. What are these phishing scams, and how do they play out? What is the general modus operandi of these hackers? How do we identify a phishing scam email? What precautions can we take to ensure that we do not become victims of such scams? All these questions require answering. Let us discuss phishing scams in detail.
What Is A Phishing Scam?
As the name suggests, phishing scams start with the recipient receiving a seemingly innocuous email message. Usually, such emails have catchy subject lines that entice people to open the message and read its contents. For example, have a look at the recent NAB (National Australia Bank) phishing email scam message.
Many customers of National Australia Bank receive email messages stating that they have thrice in a row entered their password incorrectly. The emails claim that, as a result, the bank security team has to suspend their accounts and put the funds available there on hold. Customers are asked to verify their information following which the bank will release their funds. The message goes on to state that customers can go to any of the bank branches to rectify the matter. As an alternative, the email contains an activation link that can allegedly help customers to settle the issue immediately.
On the face of it, the email message appears genuine. Customers can feel perturbed if they learn that their funds have been blocked. Therefore, a significant proportion of people would go on to click on the link to try to sort out the matter. The real trouble starts with this action. The link takes them to a second page where the customers have to enter their NAB login IDs and passwords. This page asks the customers to verify their details, following which the customers get access to the genuine webpage of their NAB account.
The Consequences Of The Scam
- Cybercriminals get personal information of the customers on a platter. The customers themselves have unwittingly disclosed it to them. What prevents the hacker from playing havoc with your account now?
- The second variation of the phishing scam advises recipients of the arrival of an ‘Osko’ deposit. It encourages customers to click on an activation link that would enable them to view transaction history. The link takes users to a look-alike page where they have to enter their NAB IDs and passwords. After entry of this data, the phishers redirect customers to the official NAB website. However, the attackers are by now already in possession of what they’re after – the ID and password.
The Outcome Of The Scam
Customers part with confidential information of their own accord, without a hint of suspicion that something is amiss. In the meantime, the cybercriminals have the information they need to clean out the account in no time.
The Warning Signals
One must admit that cybercriminals are an intelligent lot. They understand human nature and the weaknesses of people very well. However, they also make mistakes frequently. A trained eye can spot these errors and help prevent phishing scams. Let us now study some of the warning signals that people should have noticed.
- Notice that the email begins with the words, ‘Dear Customer.’ It should set alarm bells ringing in your mind. Why would the bank address you as ‘Dear Customer’ when they have access to your name?
- Secondly, if the customer had entered the wrong password thrice, the login would have been deactivated immediately. No bank sends a message about the login deactivation. The customer has to contact the bank to rectify matters.
- Where is the need to block the funds in the case of deactivation of the login ID/user account?
- The phishing email asks the customer to approach the bank branch to release the hold. Under such circumstances, there is no need for sending an activation link.
- The presence of the activation link is the most significant warning signal. As long as the customer does not click on this link, nothing untoward happens. However, the message is so enticing that it forces customers to click on the link. Here, the cybercriminals play on the customer’s eagerness to resolve the matter as quickly as possible.
- The next page is where the customer parts with the information unsuspectingly for the hacker to gain control.
- Usually, you receive such messages on a Friday evening. The banks close for a couple of days during the weekend. Hence, people invariably try to resolve things on their own and end up clicking on the activation link.
- The second phishing scam example is a dead giveaway. The grammatical errors in the body of the message should have been enough to make recipients keep their guard up. However, many of them click on the link that purportedly allows them to view transaction history. The link directs the customer to a webpage where they part with their login IDs and passwords. On receiving this information, the page redirects the customer to their official account page, only for them to find that there is no Osko credit at all. By this time, the customer has already parted with the confidential information.
These phishing prevention tips help you to identify a phishing email attempt. Learn to identify them, and you will avoid losing money to phishing scams.
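The warning signals listed above can also be checked mechanically. The following is an added example, not part of the original article: it flags the generic greeting, the account-suspension threat, and any link whose host is not the bank's own domain. The `BANK_DOMAIN` value, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: the bank's real domain; set this per institution.
BANK_DOMAIN = "nab.com.au"

# Constructed sample modelled on the message described above (not a real capture).
SAMPLE = """\
From: NAB Security <security@nab-alerts.example>
Subject: Your account has been suspended
Content-Type: text/plain

Dear Customer,

You have entered your password incorrectly three times in a row. Your
account is suspended and your funds are on hold. Visit any branch, or
activate now: http://nab.com.au.verify-login.example/activate
"""

def host_is_bank(host, bank_domain=BANK_DOMAIN):
    """True only for the bank's domain or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # A substring test would wrongly accept 'nab.com.au.verify-login.example'.
    return host == bank_domain or host.endswith("." + bank_domain)

def warning_signals(raw, bank_domain=BANK_DOMAIN):
    """Return the list of warning signals found in a plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    signals = []
    if re.search(r"^dear (customer|user|client)\b", body, re.I | re.M):
        signals.append("generic-greeting")
    if re.search(r"suspend|on hold|blocked", text):
        signals.append("account-threat")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname
        if not host_is_bank(host, bank_domain):
            signals.append("off-domain-link:" + str(host))
    return signals

if __name__ == "__main__":
    for signal in warning_signals(SAMPLE):
        print(signal)
```

The link check compares the whole host name against the expected domain, so a look-alike host that merely begins with the bank's name is still reported.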
More Precautions To Take To Avoid Phishing Scams
- Never click on any link that takes you to a bank website. Develop the habit of typing out the bank’s website address in the address bar. In this way, you will never be directed to a phishing site.
- Banks never seek information from you, such as login details and passwords.
- Banks may block your card, but not the funds in the account, after three unsuccessful login attempts.
- Banks usually inform customers through emails and SMS about any receipt of funds into the account.
Falling prey to phishing scams can end up with customers parting with vital details. These details can help hackers gain access to your bank account and steal your money. The internet has made things easy for everyone – for you as well as for people with malicious intent. One should be aware of the modus operandi of such phishing scams. Following phishing prevention best practices and exercising a little care before parting with confidential information can help you save your hard-earned money.