
Explained: What is a phishing attack on bank accounts and how to avoid it


Published : Feb 23, 2022, 10:22 PM IST


New Delhi: There is an increased risk of cyber attacks on bank accounts and financial systems as more and more people work from home due to the Covid restrictions and use home wifi, which is not as safe as office wifi that is monitored by experts. Phishing is a method widely used by cyber attackers and hackers to steal personal and financial data in order to commit online fraud.

Phishing is a general term for emails, text messages and websites fabricated and sent by criminals to lure customers into giving away their sensitive data. These attacks are designed to look as though they have come from well-known and trusted businesses, financial institutions and government agencies, with the intent of collecting personal, financial and sensitive information.

These phishing attacks on bank and financial customers are also known as brand spoofing. If a bank customer or someone who uses online financial services receives an email that appears suspicious, they should not reply to it or click on the link it provides. Simply delete it, and report the incident to the bank or financial service provider concerned.

Be aware of methodologies used by cyber criminals

Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials. In such cases, bank customers receive a fraudulent e-mail that seems to come from a legitimate Internet address. Such emails invite people to click on a hyperlink provided in the mail. If anyone clicks on the hyperlink, believing it to be genuine, it directs the customer to a fake website that looks similar to the genuine site.

Usually, the email will either promise a reward for compliance or warn of an impending penalty for non-compliance. These cyber criminals usually ask people to update their personal information, such as passwords, credit card numbers and bank account numbers.

If the person believes the message, provides personal details in good faith and clicks on the 'submit' button, then most likely he or she will get an error page. This means the user has already fallen prey to a phishing attempt and shared his or her sensitive data with the cyber criminals.

How you can avoid a phishing attack

You should never click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'phish'. Secondly, do not provide any information on a page which might have come up as a pop-up window. Thirdly, never disclose any personal information via text message, including account numbers, passwords, or any combination of sensitive information that could be used fraudulently.

Never provide your password over the phone or in response to an unsolicited request over email. You should always keep in mind that information such as your password, PIN and TIN is strictly confidential and is not known even to employees or service personnel of your bank or other financial service providers. You should, therefore, never divulge such information even if asked for it.

Good practices to avoid a phishing attack

People should develop the habit of logging in to their bank's site by typing the proper URL in the address bar. Secondly, always provide your user ID and password only at the authenticated login page of your bank. Before providing your user ID and password, please ensure that the URL of the login page is a secure webpage, which starts with the text ‘https://’ and not with simple ‘http://’, which is not a safe webpage or website.

This additional 's' at the end of http actually stands for 'secured' and indicates that the web page uses encryption. You should always look for the lock sign at the bottom right of the browser and the Verisign certificate. A bank customer or financial service user should provide personal details over the phone or internet only if they have initiated the call or session and have duly authenticated the counterpart.

One of the most important safe habits is to regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs. One should always check bank, credit and debit card statements on a regular basis to ensure that all transactions are legitimate.

Please remember that banks never ask their customers to verify their account information through an e-mail. More importantly, as a general rule, you should always be careful when receiving any unsolicited incoming communication or phone call asking for your personal or financial information or asking you to update it on a site.

If you sense something malicious, don’t hesitate to contact your bank directly through its official channels to verify the authenticity of those calls.

What if you have accidentally revealed your password or PIN?

If you feel that you have been tricked or phished by a scamster or if you feel that you have provided personal information at a place you should not have, you can carry out the following measures immediately to control the damage. You should immediately block user access and contact your bank, financial institution or credit card company.

You should also report the matter to your local police. You should regularly check your account statement and ensure that it is correct in every respect. If you find any suspicious or unaccounted entries then report them to the bank.

There are some other good practices that minimize the risk, such as using the additional controls provided by your bank, like setting the limits for demand draft and trusted third parties to zero and enabling high security.

You should immediately report a cyber crime or bank fraud to the national cyber crime helpline by dialing 1930 or report the matter on the cybercrime helpline portal by visiting this site: https://cybercrime.gov.in/Webform/Helpline.aspx.



Copyright © 2024 Ushodaya Enterprises Pvt. Ltd., All Rights Reserved.