What is Phishing?
Phishing is a method of acquiring sensitive data (financial or confidential) from users. It is done mainly by sending fake emails that appear to be from a legitimate source. As the internet spreads and its user base grows, such scams are growing too. Although banks and other financial organizations warn their users not to share sensitive data, users still fall prey to such phishing emails.
What does the email contain?
The first part of the email talks about prize money you have won in a lottery, or some gift money, or says that funds need to be transferred to your account according to the will of some deceased person. In other cases the email claims that your bank account password has been compromised and asks you to log into your bank account and change the password; of course, a link to your bank's website (a fake link) is included in the email. All of the above are intended to steal from you online.
You can see the email attachment below, which shows an email that claims to have been sent by the RBI (Reserve Bank of India). It carries the name of the RBI Governor and other authorities to make it look legitimate. But the RBI never sends such emails, and it has already published a notification saying so, yet people still fall into the trap.
The Billion Dollar Prize mail:
Like the above mail, the billion dollar/pound prize mail asks you to claim your prize, for which it asks you for certain data. The data asked for in this particular mail may not be that sensitive, but it can be used to hack or keep track of your account. In this particular case, after they receive your reply with the details, they mail you again to say that your money is ready to be transferred, but that you have to bear a small conversion charge/transaction fee, which must be deposited in a bank account. The second mail gives the details of that bank account and the fee, which may be in thousands or lakhs. If you transfer the amount, you may be asked for some further fee, or you may be duped just once and then receive no further communication.
The Bank Link mail:
This email is the most dangerous phishing weapon: it directly steals your password, and the hacker can simply log into your bank account and wipe away every penny of yours. In this kind of email you are asked to log into your bank account via a link mentioned in the email. The link appears to lead to your bank's website but actually leads to a fake website created to steal your password. The website is a clone of the bank's website; for example, if your bank's website is www.yourbank.com, the fake would be www.yourbank.co. The fake website will not log you into your account, because it is not intended to do that, but it will save your credentials on its server, giving the hacker what is needed to take control of your account.
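A check for the cloned-website case above, written as an added example (it is not part of the original article): it compares the host in a link against the hosts you know belong to your bank and flags near-misses such as www.yourbank.co, whether or not the link uses https. The trusted host list, the distance threshold of 2 and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts you know belong to your bank (the article's example domain).
TRUSTED_HOSTS = ("www.yourbank.com", "yourbank.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> str:
    """Classify a link found in an email: ok, insecure, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in trusted:
        # Right host; still refuse to type a password over plain http.
        return "ok" if parts.scheme == "https" else "insecure"
    # Not the bank's host: https does not matter, only how close the name is.
    closest = min(edit_distance(host, t) for t in trusted)
    return "lookalike" if closest <= max_distance else "unknown"


# Constructed sample links, not taken from a real message.
SAMPLE_LINKS = [
    "https://www.yourbank.com/login",
    "http://www.yourbank.com/login",
    "https://www.yourbank.co/login",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{check_link(link):10} {link}")
```

The third sample shows why the address bar matters more than the padlock: the lookalike host is flagged even though the link starts with https://.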
What not to do?
- Do not use public computers to log into your bank accounts.
- Do not reply to any such “claim your prize” emails; they are 100% frauds.
- Do not share your bank information (credentials) with anyone, even someone claiming to be a bank employee.
- Do not follow a link to your net banking.
- Always look for the security certificate, and remember that the address of any secured site will always start with https:// and not http://.
- Do not be greedy for the prize money, just remember there are no free lunches.
We have heard of many such scams, but people just don’t stop falling for them. The reason behind it is greed, which stops us from thinking beyond what meets the eye.