Phishing is defined as any attempt to obtain your personal and financial information. Mostly, phishing is carried out via emails. These emails lure the targeted victim into visiting a fake site and giving away confidential data. Phishing attacks also use fake SMSs (called Smishing) and fake telephone calls (called Vishing).
What we are discussing here is related to vishing, also known as voice phishing. Several instances have occurred wherein people receive phone calls that appear to be from their bank. The caller usually pretends to be a bank representative or someone from the bank’s technical team. In most cases, the caller sounds professional and provides a convincing reason for calling the customer. After having given a false sense of security, the caller then tricks the victim into giving away their personal and confidential data such as:
- Credit/debit card number
- The card’s CVV number [Card Verification Value – 3 to 4 digit number printed on the flip side of the card]
- Expiry date
- Secure password
- ATM pin
- Internet Banking login ID and password and other personal information
With all such crucial information at hand, the fraudster can easily carry out illegal financial transactions using the victim’s name.
Real Case Scenario
One of our readers had encountered a similar situation. The reader received a call that seemed to be from their bank’s customer service center. The caller was able to convince our readers that their bank account and ATM card is in the process of getting upgraded and updated. And for that, the following details were required:
- ATM cum debit card number
- CVV number
- Expiry date
- Password
- Savings bank account number
Later, our reader came to know about several unauthorized transactions that were made using their bank account, which amounted to a sum of ₹ 65000.
How you can protect yourself from such phone scams
Below is a list of safe banking tips that banks such as SBI, ICICI, HDFC, and others have issued for their customers.
1. Banks or any of their representatives never send customers email/SMS or call them over the phone to ask for personal information, password or one time SMS (high security) password. Any such e-mail/SMS or phone call is an attempt to fraudulently withdraw money from the customer’s account through Internet Banking. Never respond to such email/SMS or phone call.
2. Never respond to emails/embedded links/calls asking you to update or verify User ID/Password/Debit Card Number/PIN/CVV, etc. Inform your bank about such email/SMS or phone call. Immediately change your passwords if you have accidentally revealed your credentials.
3. Do not provide any personal or confidential information on a page which might have come up as a pop-up window.
4. Always remember that information like password, PIN, TIN, etc., are strictly confidential and are not known even to employees/service personnel of the bank. You should, therefore, never divulge such information even if asked for.
5. Never provide your identity proof to anyone without any genuine reason.
6. Never click on any links in an e-mail to access the bank’s site.
7. Access your bank website only by typing the URL in address bar of the browser.
8. Do not provide your bank account details to emails offering a job or claiming that you have won a lottery. Avoid opening attachment of emails from unknown senders.
10. Having the following will improve your online banking security:
- Newer version of Operating System with latest security patches
- Latest version of browsers
- Active Firewall protection
- Up-to-date antivirus software
11. Avoid accessing Internet banking accounts from cyber cafes or shared PCs.
12. When on your bank website, look for the padlock symbol either in the address bar or the status bar (mostly in the address bar) but not within the web page display area. Verify the security certificate by clicking on the padlock.
To conclude with one last security tip for safe online banking, avoid accessing your Internet banking accounts from cyber cafes or PCs used by multiple people.
Source: Quickheal & Mr. SuResH
