Phishing: How scamsters trick you


Monday, 07 April 2025 | Shainy Sharma

Imagine waking up to an urgent email with the subject line, “Immediate Action Required: Your Bank Account Has Been Suspended!” or “Your Streaming Subscription Has Been Terminated; Update Your Payment Details Now!” The message no doubt looks official, with the bank’s or the streaming service’s logo and a professional tone, warning that your account has been compromised or your payment details need to be updated immediately.

Panic sets in. You don’t want to lose access to your hard-earned money or favourite shows. Without thinking twice, you click the link in the email, which takes you to what appears to be the official website. It prompts you to enter your login credentials, bank details or National Insurance number. The urgency of the message makes you act fast — until you realise, too late, that you’ve just handed over your sensitive information to cybercriminals.

With a single click, all your accounts, confidentiality, and finances could be at risk. Phishing is a cyber-attack technique in which hackers use fake websites, emails, or messages to trick people into sharing sensitive information, such as usernames, passwords, login credentials, and financial details like credit or debit card numbers. This form of social engineering exploits human psychology rather than technical vulnerabilities, making it a persistent and evolving threat in the digital age.

There are numerous types of phishing attacks, such as:

a) Whaling: A specialised type of spear phishing aimed at high-profile individuals like CEOs or government officials, often involving sophisticated social engineering tactics.

b) E-mail Phishing: The most common form, where attackers send fraudulent emails pretending to be reputable entities, such as banks or online services, urging recipients to click on malicious links or download harmful attachments.

c) Spear Phishing: A targeted attack where hackers gather personal information about their victims to create personalised, convincing messages that appear legitimate.

d) Smishing and Vishing: Smishing (SMS phishing) uses fraudulent text messages to lure victims, while vishing (voice phishing) involves phone calls from attackers impersonating trustworthy organisations.

e) Clone Phishing: Attackers replicate legitimate emails, replacing attachments or links with malicious versions to deceive recipients.

f) Website Spoofing: Fraudsters create fake websites that closely resemble legitimate ones to trick users into entering sensitive credentials.

The first and foremost way to protect yourself from becoming a victim is to enable multi-factor authentication (MFA), for it adds an extra layer of security even if credentials are compromised. Organisations should conduct regular cybersecurity training to raise their employees' awareness of phishing tactics.

Even the Indian Government has taken several initiatives, such as the Cyber Surakshit Bharat Initiative and the Digital India Campaign, to raise awareness about phishing and enhance cybersecurity among citizens.

The Indian Government regularly posts cybersecurity tips and scam alerts through platforms like Twitter (@Cyberdost) and Facebook, and the Cyber Crime Helpline — 1930 allows victims to report phishing attacks quickly. These are a few initiatives that aim to guide users on how to detect and avoid phishing attacks.

As a safety measure, it is beneficial to install and regularly update antivirus and anti-phishing tools to detect malicious content. Before entering any personal information, one must ensure the website’s URL begins with “https://” and is authentic, as attackers often use slight variations of legitimate domains. It is crucial to look for red flags such as poor grammar, urgent requests, and generic greetings that indicate phishing attempts.
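The URL check described above can be partly automated. The following is an added example, not part of the original article: it flags links that are not HTTPS or whose host imitates a trusted domain. The domain names are constructed placeholders, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains the user really deals with.
TRUSTED = ("examplebank.com", "examplestream.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return a list of red flags for a link; an empty list means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if "@" in parts.netloc:
        # Text before '@' is not the site; the real host comes after it.
        flags.append("userinfo-in-url")
    if not host.isascii() or "xn--" in host:
        # Non-Latin characters can look identical to Latin letters.
        flags.append("idn-host")
    # Exact trusted domain or one of its subdomains: nothing more to compare.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return flags
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for d in trusted:
        if d in host:
            flags.append("embeds:" + d)        # trusted name used as a decoy
        elif edit_distance(registered, d) <= 2:
            flags.append("lookalike:" + d)     # slight variation of the name
    return flags

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.examplebank.com/login",
        "http://examplebank.com/",
        "https://examp1ebank.com/verify",
        "https://examplebank.com.account-verify.example/login",
    ]
    for s in samples:
        print(s, "->", check_url(s) or "no red flags")
```

An empty result only means none of these checks fired; HTTPS and a clean host name do not by themselves prove a site is genuine.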

i) If you fall victim, immediately turn off your Wi-Fi. Report the attack to the relevant authorities or IT departments.

ii) If you entered your login credentials on a phishing site, then change the password of the compromised account immediately, followed by updating other accounts that use the same or similar passwords.

iii) If you entered banking details or made a payment, then call your bank immediately, explain the situation, and request to block or freeze your account if necessary.

(The writer is an educator. Views are personal)
