• Apply Now

Money in bank in 24 hours

Apply Now

How to Spot a Phishing Scam?

  • Highlights:

  • Technological advancements and information accessibility on the internet act as phishing catalysts
  • Phishing victims should report the fraud to sachet@rbi.org.in or call the RBI number 14440
  • One can refuse to share personal and financial information such as CVV, OTP, PIN

Let us understand, what is phishing? It is malpractice that involves sending fake information that appears to be from a reputable and legitimate source, to trick the victim into revealing personal and financial information. The attacker then misuses this information to siphon money off the person or to deploy malicious software such as ransomware on the target’s phone, laptop, etc.
This social engineering tactic has become extremely sophisticated over the years, due to the amount of information available on the internet about any individual and technological advancements. This makes the message even more believable and realistic to the recipient.

Example of a typical phishing email
From: rana@bajajfiance.com
Dear valued member,

To continue using your Bajaj Finsurv credit card, please update KYC details. Click on www.bajajfinserv.com to update details. Failure to comply within 24 hours will lead to credit card cancelled.
Do it now!

7 ways to spot a phishing email, texts, and other communication

Creating a sense of urgency

The above email requires urgent action and is threatening the recipient with a negative consequence unless immediate action is taken. This is a common giveaway of phishing emails. Attackers create urgency either by threat or a loss of opportunity and instil fear in receivers who rush into actions, without going through the email for inconsistencies or potential flaws.

Grammatical errors and spelling mistakes

Another way to spot a phishing message is by reviewing the text of the message. You will find many spelling mistakes and bad grammar which you won’t find in legitimate communication. Most companies use spell-check tools by default for the emails being sent, ensuring no grammatical or spelling errors. The sentence in the above email - ‘Failure to compliance within 24 hours will lead to credit card cancelled.’ – has been framed incorrectly and is a key hint to spot a phishing scam.

Unfamiliar salutation or greeting

Most phishing emails will have very generic salutations such as “Dear account holder,” “Dear customer,” or “Dear valued member”. See the kind of salutation that has been used in the previous emails sent from the company this email appears to be from. Some use a first name basis, some have an informal exchange so if the salutation is not familiar, it should arouse suspicion.

Discrepancies in email addresses, domain names and links

If you find any inconsistency in the email addresses, domain name, or website, the email is directing you to, it should raise an alarm. Most phishing emails make a slight deviation from the original IDs like introducing or removing an alphabet, using .org/ .in or .com in place of the actual domain name, or adding a number like @bajajfinserv23.com. The above phishing email is from @bajajfiance.com whereas Bajaj Finserv uses @bajajfinserv.in. It is redirecting you to www.bajajfinserv.com even though their official website is www.bajajfinserv.in. Don’t go by the sender’s name, hover the mouse over the sender’s name and the link you are being directed to, to see the actual link and domain name.

Suspicious attachments

Unsolicited emails with attachments should always be viewed suspiciously. Authentic companies, mostly, direct you to their website to download something, if required. If the attachments have an unfamiliar extension such as .exe, .scr, .zip, etc. that is usually associated with malware, refrain from opening or downloading them.

Emails requesting sensitive personal and financial information

If an email asks for sensitive data or takes you to a website where you are required to enter any data, it is a scam! Emails that originate from unfamiliar or unexpected senders and request login credentials, financial information such as credit card details, OTP, PIN, or any sensitive data are from phishers. Sophisticated hackers can forge authentic pages to make them look eerily similar to the real ones. One needs to gauge the tone of the email and information being asked and if the entire request seems random, then refrain from sharing any data.

Emails that sound too good to be true

Emails that lure the recipient to click on a link or download an attachment on the pretext of a reward or limited time offer should be thoroughly evaluated. Remember there are no free lunches and if something sounds too good to be true, like an interest-free loan or a free holiday, it probably is. Reach out directly to the company from where the sender is impersonating and confirm if the email is actually from them and they do have such offers.

How to report a phishing scam?

If the phishing scam is related to Bajaj Finance like the example shared, reach out to us immediately at https://www.bajajfinserv.in/reach-us. Follow the same protocol for any other impersonations. Report the phishing fraud as soon as you realise it, by sending an email to sachet@rbi.org.in or calling the RBI number – 14440.

Try not to fall prey to these phishing scams by keeping in mind the steps listed above. Be alert and don’t let fear or greed get the better of you.

Savdhaan Rahein. Safe Rahein.

Read more at:
• Cautionary Note - https://www.bajajfinserv.in/cautionary-notice- new.pdf
• Infosec Page - https://www.bajajfinserv.in/infosec-pages
• Fraud Awareness Blog - https://www.bajajfinserv.in/insights/fraud-awareness

How would you rate this article

 Please let us know why?

What did you dislike?

What did you dislike?

What did you like?

What did you like?

What did you like?