What is Phishing?

Phishing, also referred to as brand spoofing or carding, is a way of attempting to acquire sensitive information of users by masquerading as a trustworthy entity. The sensitive information may includes but not limited to user names, passwords, credit card details, PINs etc. This is typically carried out by e-mail spoofing or by directing users to enter details at a fake website which looks very much similar to the legitimate one.

Popular Phishing Techniques

Website forgery is one of the most popular phishing technique. Once a victim visits the phishing website, he couldn't make the difference between original one and fake one. He enters login information or other credentials and supposed to view the next details he want. But unfortunately, he is submitting these information to cyber criminals and get nothing back but a bad result.

Another popular technique is phone phishing. In this technique, users are being called on phone by hackers. They talk in such a way to make you believe that they are real representatives of bank and tell users to dial a phone number regarding problems with their bank accounts. Once the phone number is dialed, prompts told users to enter their account number and security PIN. Now you are finished, because the number the ask you to dial is owned by them (phisher), and they track the digits dialled by you. This is very similar to IVRS. This is also called voice phishing or Vishing.

Some of Sensitive Information that you should not share with any persons are:

  • Any login credentials (User names and passwords)
  • Credit Card numbers
  • PINs (Personal Identification Numbers)
  • Your birthday

Tips to Stay Safe from Phishing

Some simple things you should keep in mind to protect yourself against phishing

  • Don't send your user-id/password via e-mail. Never reply to suspicious emails or phone call with any of your personal information mentioned above. Also, don't fill out forms or sign-in screens that link from these messages.

  • Never enter your login information by following a link in an e-mail that is from a third person. Even sometimes link suggested by search engines may be not authentic. So, it's better to go directly to the site by typing the address.

  • Even if you are on a web page arrived by typing the address, do verify it again before entering any information. For example, sometimes we confuse with the actual address. Instead of going to www.bankonline.com, we type it as www.onlinebank.com or vice versa. This is very common.

  • Make sure that you are using the latest version of the web browser. Most of the latest browsers will warn you if you try to go to a website that is suspected of phishing behavior. Don't ignore such warnings while going to any website.