Browsing through the morning news, a headline in financials caught my eye. A spike in online frauds is being reported from many cities during the Covid-19 pandemic and lockdown. The ongoing pandemic situation worldwide has diverted the economy to digital platforms. The digital world is fast, easily accessible, hassle free and of course convenient. But as the popular saying goes, there are “two sides of a coin”: the digital world too has a dark side, with online frauds and scams being one part of it. I believe many of us might have been exposed to this side or, in some unfortunate cases, might have become victims of this menace too.
One of my friends had a close escape from becoming a victim of cyber fraud very recently. It happened that her Life Insurance was due for renewal and she was searching for a way to renew it online. She tried for a couple of days unsuccessfully. So, she dropped the idea of doing online renewal and decided to visit the Insurance Company physically for renewal. However, even before her visit, two days later she got a call supposedly from the customer care service of the Insurance Company, who directed her to go to a nearby ATM for online payment and subsequent renewal of her policy. Now the call was so well timed and convincing that my dear friend didn’t give it a second thought. And from there on it was a story of being duped and losing almost all the money in her savings account. My friend became a victim of one of the types of cyber fraud called vishing, although she too, like many of us, was well educated, tech savvy and working as an officer of a Govt. Dept. Her story prompted me to write this article although I am not a cyber expert. But belonging to an organisation which has to deal with customers' money and seeing how they are sometimes duped, I think if we are cautious enough, we can save ourselves from this growing menace.
So, what are the most common types of Cyber Attacks and terminologies related to cyber threats that we hear day in and day out?
Types of Cyber Attacks
Malware: Malware is the term for maliciously crafted software code. Malware enables unauthorised access to a network for purposes of theft, sabotage, or espionage. It is usually introduced into a network through phishing, malicious attachments, or malicious downloads. There are different types of malware that can infect target computers, such as viruses, worms, Trojans, etc. Malware may also gain access through social engineering or flash drives.
Social Engineering: It is a term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes and giving away sensitive information. The following are the most common types of digital social engineering:
1. Phishing: Phishing is the fraudulent attempt to acquire information such as usernames, passwords, PINs, bank account and credit card details by posing as a trustworthy entity through electronic communication like e-mail. Phishing emails usually appear to have come from a well-known organisation, or from sites, services, and companies with which you may not even have an account.
2. Vishing: Vishing is the telephonic equivalent of phishing. It is a fraudulent practice in which phone calls or voice messages, which usually appear to be from reputable companies, are used to induce individuals to reveal personal details and to scam the user into surrendering private information that will be used for identity theft. In one of my practical experiences in recent days, I encountered a customer who was prompted to download some cloning and malicious apps, and by evening he came to know that his bank account was compromised.
3. Smishing: Smishing is short for “SMS phishing”. As the name suggests, it is a phishing attack made through SMS messages by which a user is duped and tricked. These messages can be generic or may be 'spear' messages, meaning aimed at a specific target, and can be masked to appear to come from a genuine sender, like your bank, a known company, etc.; the avenues are endless. In this type of attack, a link is usually provided through which one may give away browser or device information, IP addresses and locations. And if one is unfortunate enough, one may give away password credentials too.
These are a few of them. So how do I avoid Cyber Scams and frauds?
Avoiding Cyber Scams and Frauds
1. Online/ Internet Scams: As I have mentioned, online scams can happen via phishing emails, social media, SMS messages on a mobile phone, etc. The main purpose is to capture the secret credentials of the user or even to steal their identity. So, avoid clicking on any links from unknown sources in your email. Check and cross-check the sender's email id. Sometimes the give-away may be spotted instantly in the email id itself. It is observed in many cases that although the email ids appear to have come from known sources, there may be a slight twist in them, be it a spelling error, a change of domain name, a link that opens a redirecting page, etc.
2. Employment and Investment scams: Just remember, if it sounds too good, chances are high that it might not be true. Be it a lucrative offer of “working from home”, an offer to set up and invest in a “business opportunity”, or investment scams including cryptocurrency purchase, binary options trading, managed funds, etc., scams may come to one's doorstep in many disguises. Scammers dress up 'opportunities' with professional looking websites, emails, and phone calls to mask their fraudulent operations.
3. Dating and Romance scams: I know everyone is aware of it, yet I believe this is still the most widely and commonly used method of duping the innocent. Fake profiles on dating sites, mobile apps or social media platforms, lots of patience in trying to build up a relationship, which may go on for months and years, and a simple request for financial help for an illness, injury, travel cost or a small family crisis are all the scammer needs to get hold of your money.
Apart from all the afore-mentioned points, there are many other ways, such as charity and medical scams and prize and lottery scams; the list goes on. As I mentioned earlier, cyber-crime is evolving and so are the ways and means of committing it. So, to avoid falling into a trap, I am mentioning here some basic tips which will definitely come in handy:
The first and foremost amongst all is being alert and keeping in mind that scams exist and always consider the possibility that it has come in disguise. Don't ever forget our nursery story "wolf in sheep's clothing". Now it is just that the wolf has entered the virtual world.
Know who you are dealing with. If it is an individual, check out his/ her other profiles through a simple Google image search (today, with everything residing in the cloud, we tend to leave our digital imprint somewhere or other), or if it’s a business, search the internet for the name of the firm, company, etc.
Check out the sender's email id. If it's from your bank or another genuine organisation, they always publish their email ids on their website. Be sure to check the domain name.
Periodically review your privacy and security settings on social networking sites such as FB, IG, Twitter, etc. Learn how to secure your privacy. Be incredibly careful in sharing your personal details there. Avoid repeating passwords, using your name or date/ month/ year of birth as passwords, or mixing them to create passwords. Any suspicious activity in your account should be immediately reported to the authorities.
Beware of unusual payment methods. Don't forget you are giving away your card no., PIN, etc. to this website or payment app.
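The sender-address check from the tips above can be automated. The following is an added example, not part of the original article; the domains in OFFICIAL_DOMAINS and the function names are constructed for illustration. It covers three of the twists mentioned earlier: a spelling error, a changed domain ending, and the genuine name buried inside another domain.

```python
from email.utils import parseaddr

# Constructed allowlist: domains the genuine organisations publish on their websites.
OFFICIAL_DOMAINS = {"examplebank.com", "example-insurance.co.in"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute or keep
        prev = cur
    return prev[-1]


def check_sender(from_header: str, official=OFFICIAL_DOMAINS) -> str:
    """Classify a From: header as 'official', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)  # ignore the display name, it is free text
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, or a genuine subdomain such as mail.examplebank.com
    if any(domain == d or domain.endswith("." + d) for d in official):
        return "official"
    for good in official:
        # Genuine name buried inside another domain (examplebank.com.evil.net)
        if good in domain:
            return "lookalike"
        # Same organisation name, different ending (examplebank.net)
        if domain.split(".")[0] == good.split(".")[0]:
            return "lookalike"
        # One or two characters off: a spelling twist (examp1ebank.com)
        if edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers
    for header in ("Example Bank <alerts@examplebank.com>",
                   "Example Bank <support@examp1ebank.com>",
                   "friend@gmail.com"):
        print(f"{check_sender(header):9}  {header}")
```

A 'lookalike' result is the case to treat as hostile; 'unknown' only means the domain resembles nothing on the allowlist, not that the sender is safe.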
Someone once told me the most effective way to avoid falling into the trap of a cyber-crime is to remove the "You" part from it. You don't click on trap links, you don't give away your credentials, you don't get enticed into an offer which is too lucrative, too decorative and you are safe.
So dear friends, till we meet again, stay safe, stay healthy and STAY HAPPY!!!!!