• Apply Now

Money in bank in 24 hours

Apply Now

How to Detect a Phishing Email

  • Highlights

  • Phishing is a cybercrime that can put your personal and financial information at risk

  • Phishing emails may look innocuous but can be detected with a bit of vigilance

  • Never divulge any personal or financial information through email


“Dear Customer,
There were multiple attempts to log in to your BjajFinsrv account. For your security, we have blocked access to your online EMI Card account. To reactivate please visit http://bjajfnsrv.com/activate.”

Each day our inboxes are flooded with numerous such emails that indicate a sense of urgency. Many of these emails may look innocuous and quite a few come across as advertisements or offers from banks, insurance companies, and financial institutions that we deal with regularly. Most of these, unfortunately, are phishing attempts that put our finances at risk.

What is a Phishing Email?

Phishing is one of the most common types of cyber-crimes in India. It involves the use of genuine-looking advertisements or emails or even text messages to con you into divulging your personal or financial information.


Identifying Phishing Emails

  • Emails with genuine domain - One of the first things that will help you identify a phishing or malicious email is the domain from which it is sent. The use of misspelled domains or additional numbers in the domain should prompt you to be cautious

  • Generic mails - Most genuine companies reach out to their customers through emails. These emails, however, are specifically tailored to address your individual needs. They often address you by your first name and mention the last few digits of your account number. Generic salutations in emails from banks, insurance companies, and financial institutions that you don't usually deal with, could be phishing attempts

  • Unsolicited attachments – Email attachments are known to contain malwares that can read the user’s keystrokes or steal data. Stolen keystrokes maybe your bank password, PIN, credit card numbers, etc. Most legitimate banks, financial institutions, etc., do not force you to download e-mail attachments. Some genuine mailers could contain pictures or content about products as attachments, but these are usually visible for preview

  • Information disclosure – Financial institutions and banks NEVER prompt you to disclose account numbers, credit card numbers, usernames, passwords, or other valuable information through email. Any email that asks you for these details, could be a phishing attempt

  • Poor composition – Phishing emails are often poorly composed with incorrect spellings and inconsistent details. If you have doubts about the mail you just received, look up the address, contact details, website URL mentioned in it and check against the registered contact information

  • Always validate sender’s email address – Since only the name of the company is visible on mails received on mobile inboxes, it’s pertinent you scrutinise the sender’s email address before engaging with it. For example, if you receive a phishing mail in the name of Bajaj Finserv as “Bajaj Finserv Limited ”, the name of the company may be spelled correctly but the email address is wrong. Be wary of such email IDs/addresses before responding to them


What to do With Suspicious Emails

  • The best way to deal with suspicious emails is to delete without opening them

  • If you are unsure of an email’s validity and wish to read its contents, scan it carefully and look out for all the above-mentioned pointers

  • Do not download attachments without scanning them for possible malware

  • Never respond or reply to suspicious emails

  • Most email services such as Gmail provide you the option to block or report spam. Use these options judiciously

  • Flag or report the links inside your email that look suspicious. Google Chrome users can report such links here:

  • If you receive a phishing email that looks like it came from a bank or an entity that you know or trust, report the email to the organisation

What to do if You’ve Taken the Bait

If you suspect that you have been phished, here are some things you must do –

  • Change passwords of the email account as well as your banking and financial accounts

  • Inform the credit card company or your bank and block your card to prevent further transactions

  • Report to the cybercrime portal or the cyber cell of your local police

  • Register an FIR at the nearest police station

  • For any such queries, visit https://www.bajajfinserv.in/reach-us

Most phishing attempts can be easily foiled with a little bit of caution. Your financial security is your responsibility.

Savdhaan Rahein. Safe Rahein.

How would you rate this article

 Please let us know why?

What did you dislike?

What did you dislike?

What did you like?

What did you like?

What did you like?