Fake email? No, not again! I shouldn’t be surprised. Every day I get at least two emails asking me to update my KYC (Know Your Customer) data with banks where I don’t have accounts. I swipe such emails into the bin without taking a second look.
The problem arises when the email comes with my bank’s name. How do I know the mail is genuine? My bank is aware of the menace and has repeatedly warned me and other account holders against clicking on the links, saying that the accounts won’t be suspended if KYC is not updated. Yet, the cybercriminals persist. The day after my bank’s recent warning arrived, fraudsters updated their email. The bank’s logo and mail format were so good that it was difficult to differentiate the original from the fraudulent one.
These emails constitute phishing aimed at stealing logins, account numbers, and credit card information. To click or not to click is the question. I’m sure you all must be facing similar dilemmas every day. Such emails are not limited to banks. Many of them come in the name of police, online retailers, courier firms and other entities.
How I check for phishing
There’s something uncanny about their timing. Very often these mails arrive just when I’m awaiting delivery of packages. The email or text message will say the address is incomplete and must be updated by clicking the link. It’s difficult to resist the temptation. After all, I’m expecting a package and what if the courier company doesn’t have my address?
Other fraudsters pose as online retailers and say the payment is pending or my address is incomplete. Like the case of couriers, it gets complicated when I receive the message the day after I have placed an online order.
A recent email warned me that my driving licence would be suspended if I didn’t pay the fine for a traffic violation. To prevent this, please click the payment link, it added.
I followed my standard procedure by checking the email address of the sender. This one didn’t come from the authorities; it was from dreamhost.com. The bank email came from formbuilder.hulkapps.com, and I don’t bank with them. The email address is often a dead giveaway.
Another way of spotting fraudulent mails is spelling mistakes. It seems scammers can’t spell correctly. Some emails are littered with typos and misplaced uppercase letters. But some cybercriminals can draft such neat and persuasive emails that unsuspecting people will not only click on the link but also follow the instructions.
Worse are the telephone calls from fraudsters. They sound so officious that most people part with all the information. I know it’s difficult to stall them when they tell you accurate details about your name, phone number and recent transactions. All this information will make you believe that they are genuine.
I know of a friend’s son, who sent copies of his ID and credit card after being told that the call was from the anti-money laundering department and they wanted to verify his transactions. True enough, an attempt was made to max out his credit card. But the cybercriminals didn’t expect the OTP to go to the potential victim’s father, who called their bluff.
In cybersecurity, it’s called spoofing. It happens when fraudsters pretend to be someone else to win a person’s trust, gain access to data and steal money.
How do I tackle such situations? I believe official agencies won’t reach me by telephone or mail; they will come to me if required. Another option is to present myself to the department concerned. Fortunately for me, it hasn’t reached that stage.
Now with the advent of AI, the scene has gotten muddier. I’ve heard (I haven’t verified this) that a person transferred a good amount of money to a caller, who posed as a close relative. The caller’s voice and the details of the persons and events he alluded to were perfect. How do you tackle that?
I turned to a cybersecurity expert and friend for advice. He admitted it was difficult for ordinary people. His advice was simple: do not pay or transfer money unless you can verify it from multiple sources. The key is to avoid falling for the urgency they portray. And do not prolong the conversation.
Why vigilance is the best weapon against cybercriminals
Both the suggestions are challenging since the cybercriminals are so persuasive. But they are the best ways to avoid being defrauded.
I’m always wary of calls from unknown numbers. The cybersecurity friend says even that isn’t foolproof. Phone numbers and SIM cards can be cloned, making it even more challenging to dodge fraudsters. Vigilance is the best weapon.
The bottom line is not to part with money or data under any circumstance. Get off the phone, think again, ask around and make every effort to verify the authenticity of the request. Easier said than done. But I try.