Phishing, vishing and smishing

Sometimes you get a message asking for personal or private information like a bank account, login credentials or credit card details. It is considered trustworthy if it comes through a trusted source, like a partner bank or a financial organisation. 

However, unfamiliar sources could indicate an attempt to steal information, and it is called a phishing attack.  In vishing, the caller impersonating a bank official or police tries to persuade the victim to divulge details on the phone. 

Smishing refers to the messages that extract data and gets payment from the victim. All three represent a search for the victim who is contacted through multiple ways, schemes and tactics; they are offered different stories and plans to persuade to divulge the details they can use to commit the frauds. 
Some of the techniques and tools used by criminals are - 

Websites – A bogus site is created to get registration from the users through a link redirect.

Email- They post emails to the target with integrated links to the web page. They offer the registration form to the user to get responses against surveys or ask them to fill in details to submit for a subscription service. 

They send discount coupons or forms to offer tax rebates or ask the victim to fill in the form to get security for their device. If you click on such links, it downloads malware designed to get all the information stored in your system.

Tricksters can use social media like Facebook or Twitter to redirect victims to spoofed websites. The scammers copy the target users' account information on Facebook and create a duplicate account; they send a request to the user's friends. 

If the Facebook friends accept the requests, they post messages and ask them to pay money for a charity or seek financial favours for various other reasons.\

A phone call is the most common tool utilised by such individuals to convince the victim to buy into schemes or investment plans and divulge important details. Sometimes the criminals send voicemails and ask the client to call on a specific number. If the user tries to respond – they are redirected to premium rate subscriptions.

How To Protect Yourself?

• Do not assume the emails or text messages that appear to be coming from a reputable firm can be blindly trusted. The fraudsters may spoof website addresses to carry out the crimes.

• Do not trust the voicemails coming from authorised individuals. Verify all related details to ensure its reliability.

• Use spam filters and always mark suspicious emails.

How To Spot a Bogus Message?

• There can be multiple errors in the messages sent by scammers. For example, there can be multiple spelling or grammatical mistakes. 

• If the messages use odd spellings with a combination of small and caps in the subject, it indicates a scam. It is because they often use such words to get through the filters.

• If the sender does not know your name, it addresses like "To our valued clients..." and if there are multiple irrelevant phrases or words in their message. 

• If they send mails through web-based addresses, verify their origin and find if the address is spoofed or original.

• Keep a record of all transactions related to your bank account and always check the bank statements to identify disparities. 

• If you suspect a fraud, report it to the regulatory authorities.