Cyber Talk: Do not get vished, smished or phished!
Going digital has many advantages, but at the same time, it makes us vulnerable to online fraud because of our increased online presence. Online payments have made our lives easy in the last few years, with most customers, shops and even small-time vendors preferring online payment methods over cash.
Scammers send fake SMS with short links to defraud people. Most of the scams are called phishing frauds that lead to the loss of money and there are many instances wherein malware is also installed on the victims’ smartphones after they have clicked the short links sent by the scammers.
Phishing, psychological factors used by scammers
Phishing is a method of trying to gather personal/sensitive information using deceptive phone calls, SMS, emails, blogs and websites, and later stealing the data or money from victims.
The analogy is of an angler throwing a baited hook (the phishing email) and hoping the victim will bite. Scammers use three methods to defraud people — phone calls (called ‘vishing’), SMS (called ‘smishing’) and email (called ‘phishing’).
Scammers use psychological factors such as trust, ignorance, fear, greed, moral duty, urgency, panic and anger to defraud their victims. In all the above cases, fraudsters pose as official persons — like bank officials or customer-care executives from service providers.
SMS/WhatsApp scam messages circulating in India
Amount credited scam: Kindly acknowledge that your account is to be credited with Rs. 3000. Enter your information and check now (a bogus short link will be provided). Scammers claim they transferred funds in error and want a refund.
Electricity bill scam: ‘Dear Customer: Your electricity will be disconnected tonight at 8.30 pm from the Electricity Office, because your previous month’s bill was not updated. Please immediately contact the officer (a fake number will be given). Thank you.’ Victims click on the short link and start paying the bill, thereby losing money.
Bankers’ update scam: ‘Dear User, Your Y0NO SBI Net-Banking Account Will Be Suspended Today; Please update Your PAN Card by Clicking Here (a fake short link will be provided).’ Victims start giving personally identifiable data and entering the requested OTP, and end up losing money.
Credit card due scam: ‘Dear Customer, please pay your missed total amount due of Rs 2,786.74 or minimum amount due of Rs 140 on your ICICI Bank credit card ending with 0003 using digital modes at our portal. Do it yourself (a fake short link will be given). Please ignore if already paid. Watch the UPI payment video at (a fake video link will be given) and the VPA ID creation video at (a fake video link will be given).’ Victims start giving personally identifiable data and entering the requested OTP, thereby losing money.
Romance scam: ‘Are you Feeling Alone in your life… a sweet call can achieve your dreams, friendship -dating-partner is waiting for you. Call Neha (a fake number will be given).’ Victims divulge personal information and get engaged in explicit conversations. As a result, they become victims of a blackmailing scam.
Lottery scam: ‘Your mobile no. has won Rs 1.85 crore and a car in awards by Hyundai Motor USA. To Claim send your names, mobile no, Address, JOB Reply to (a fake email will be given).’ Victims start giving out their data and enter the requested OTP, scan the QR code toward GST and gift taxes, etc., and lose money.
Cash-on-delivery scam: You get a message/call from a courier agency claiming that you have ordered on an e-commerce site on a ‘cash-on-delivery’ basis. They request an OTP either to receive or cancel the order.
Some useful tips
• Verify the short URLs or links using unshorten.it, even if they were sent by known sources.
• Check the link twice before clicking it and use isitphishing.org or www.urlvoid.com to ensure it is not a phishing link.
• Never send sensitive, personal or proprietary information via email, regardless of who is asking for it.
• Check the complete headers of the email using https://mxtoolbox.com/EmailHeaders.aspx or https://dnschecker.org/email-header-analyzer.php
• Check how apps access your data using https://reports.exodus-privacy.eu.org/en/
• Verify the actual SMS sender by using https://smsheader.trai.gov.in/
• You will notice poor spelling and grammar throughout the email or SMS.
• Note down links or forms asking for personal information (passwords and bank information)
What to do when you are scammed
Report the scam to your local cybercrime police authorities, register a complaint on https://www.cybercrime.gov.in or dial the toll-free number 1930 immediately. 1930 is operated by Citizen Financial Cyber Fraud Reporting and Management System, Government of India.
