VISHING and PHISHING

As you know everything is converting into digital form from services to money everything is now available in a minute and it is very easy to get its access all you need is just a smart phone. Due to lack of awareness and knowledge many people are taking advantage of this technology by doing fraud activities among these activities vishing and phishing are very common offences which has taken place many times.

Vishing is an activity or fraudulent practice of making phone calls or leaving voice messages pretending to be a reputable company in order to gain personal or confidential information of individual through individual only such as – bank account details, credit card CVV number or OTP, ATM pin etc.

It is a very common in small town areas and such incidents happens with those which are certainly not aware about these conversions and such cases. vishing is very common activity and we usually ignore such kind of phone calls because few of us are very well aware with bank policies that bank officials or any employee do not have authority to ask confidential details of customers on phone and they never ask for card details, OTP and ATM pin on calls and not even CVV number also main motive of such phone calls is to fraudulently transfer a particular amount from your bank account to their own bank account.

These are cyber-criminal calls the victim by posing to be a bank representative or call center employee, thereby fooling them to disclose crucial information about their personal identity. This happened back in 2018 with a 59 year old retired official he lost his Rs 1.10 lakh to a vishing in Goregaon . The complainant bought a new credit card from a government bank with the credit limit of Rs 5 lakh in July 2018.  The police said that the fraudsters already had the name and the address of the victim due to which the complainant didn’t find anything suspicious and shared his credit card details with them.

The victim received a phone call from a person, the caller posed as government bank official and narrated the name and address of victim to verify his identity and the person also inquired about the credit card and asked for some information for some verification purpose and after he gave away his credit card details an OTP was generated on his mobile phone. As caller had already gained trust of victim, he ended up giving away the OTP and within few time fraudsters transferred Rs 1.10 lakh from his bank account and when he got susupicious about this he informed his daughter about incident and contacted the bank’s landline number following which he was informed that he has been duped. The retired BEST official approached Goregaon police station and registered a case under relevant sections of cheating and IT act. It was just one case vishing but number of cases are increasing very rapidly even in lockdown also.

PHISHING:-

Phishing is a type of fraud or fraudulent attempt by someone pretending to be a legitimate person or institution to gain sensitive data or personal information such as user name, credit card details, bank account details, passwords etc from target or targets through e-mail, links, telephone, unknown random websites or text message. It also includes stealing information such as – Customer ID, IPIN, Card expiry date, CVV number etc by disguising to be a legitimate source in an electronic communication.

Nowadays having a personal website is not a very big deal and we often checkout these websites. Some of them belong to a legitimate source but many of them are fake or belongs to an unknown sources which matches the feel of legitimate site and ask you to subscribe that website by giving your personal information or some of them contains links, These links contains fake email ids or messages containing virus affected websites which urge people to enter their personal information such as login information, account’s information which can cause any kind of loss or injury to you. Injury or loss could be of any kind it can leads to unknown amount transfers without your consent or sharing any kind of personal data is very dangerous because that person can use your personal data in many ways which is more harmful than any other loss.

Types of Phishing:-

1. Spear Phishing:- It is basically an email scam which is targeted towards a particular individual, organization or business with intention to steal sensitive data or financial information for malicious activities or to cause harm to that particular individual. This kind of phishing is basically done through emails and cybercriminals may also intend to install malware on a targeted user’s computer so that he can get further more information of sensitive nature from his device for long term benefits.

2. Whaling:- Whaling refers to attacks which are directed specifically at senior executives , other high-profile targets and person with powerful positions, these attackers usually attacks highly designated person and person with powerful positions through electronic communications which appears to be from trusted sender to divulge highly sensitive information or to transfer funds from their accounts to a fraudulent account. 

3. Clone Phishing:- Clone phishing refers to attack which is done by using actual email that might belongs to a trusted organization, a hacker alter that email by copying that email and replace it or add a link which redirects user to a malicious or fake website. It can refer to a previous message that the recipient sent to the legitimate sender.

We all know that we are in a middle of pandemic and in this lockdown period bengaluru police has more than 500 complains of various online frauds which includes vishing and phishing among which many complaints are related to banking frauds . In this lockdown period from bollywood stars to political personalities including common man all of them are donating amounts in PM CARES Funds through Paytm QR code and Gpay etc application but many people are urging through social media like facebook or instagram to public to donate as much amount as they can for welfare of poor people and providing links and QR code for donation being a respectable citizen of this country we should donate amount for welfare of the people of our country we should help government in this tough time but before donating any amount we should be careful and aware with the facts that those random links and QR code could be fake or can belongs to someone personal wallet or bank accounts. Some of them are asking for donation in pandemic pretending to be a govt. link but that link is someone’s personal link. Before donating any amount or before making any payment please check the QR code and links properly then make payment.

As we all have been into our homes because of lockdown imposed by Indian government and this lockdown is causing many types of losses in terms of economical losses, people who belongs to below poverty line and working on daily wages they are getting affected by this and more over that students of schools and colleges are having their studies loss but technology is helping us out in pandemic so that somehow student will not have to affect their studies our teachers are teaching through online services and providing study material through emails and google meet and zoom apps .

Almost everything is now updated online and these apps are not only used by schools and colleges, even high profile companies and people who are on very high designation and working with big companies these people are also using these application to carry out their business meetings so that their business  will not affect by this pandemic so this happens recently after lockdown have been imposed as per security company proofpoint more than 200 million users are using zoom app to carry out their business and for their  other personal works, for work from home and for video conferencing through emails on daily basis but many cyber criminals are targeting zoom links which belongs to manufacturers and high profile clients.

As per report of proofpoint recipients received an email which states that they have missed a zoom meeting. The link also includes a link through which we can check that missed zoom meeting as per email , That link will take the recipient to a “spoofed zoom page” and ask for their “Zoom credentials” through which they get access to many confidential and important conferences which can leads to data thereat to that particular company. These type of emails have targeted transportation, manufacturing, technology, business services and aerospace in United states. You can read more from this news link :-

Preventive Measures for Vishing and Phishing:-

• Vishing is very common activity these days and it is done through phone calls and voice messages, to prevent yourself from this kind of fraudulent activity and attempts you can stop this fraud at its initial stage by ignoring such kind of phone calls and by not sharing any kind of personal information on calls and message.

We can stop vishing by spreading awareness among illiterate people who does not understand such kind of activity and who are not well aware with technology and such kinds of fraud. After so many cases even banks started spreading this message by putting hoardings and by keeping their caller tunes.                              If any of these offences happened with anyone in your family or friend circle that person can file complain regarding this offence by going to police station or he can also file a complaint online with cyber portal of India, reporting of a crime is a major step for prevention of such kind of offences and block your card through bank immediately so you don’t suffer anymore loss.

• Phishing is also very common offence and for its prevention it is very important for user to have basic knowledge about phishing for awareness.
• A user can install anti-phishing software in his system from which he can put a filter on real and fake emails to prevent him from phishing
• The most important step a normal lay man can take for prevention from such kind of activities is to not to update all the information on social media related to personal sensitive data and be aware of such kinds of links which are from unknown users or which may be belongs to a trusted organization but one should check the link and email before putting any kind of personal information in that particular link.
• There are two methods for prevention of clone phishing – You can prevent phishing by installing anti-spam appliance in your system which filters all spam emails and the other one is by installing a unified threat management solution or firewall which will look for mismatches between displayed URLs and actual links in the messages and also look for apparent sender and the actual sender.

Relevant sections of Indian Penal Code and IT Act For These Offences :-

1. Section 416 of Ipc – Cheating by personation
2. Section 419 of Ipc – Punishment for cheating by personation.
3. Section 66D of IT Act – Punishment for cheating by personation by using computer resource

You can easily ignore such kinds of frauds by not sharing any kind of personal and sensitive data on calls or emails or links to anyone, Bank employees never ask customers to share their Customer Ids and Passwords, ATM PIN or any kind of passwords on calls or even personally and even if they ask such kind of information do not share such kind of information with them also and Never submit your personal data or confidential passwords on any random website which belongs to any random user or company. Being a lay man it is impossible for them to have deep information regarding ever offence but few of them are very common and easily understandable few steps can save you from such frauds and fraudsters.

News Link:-
http://timesofindia.indiatimes.com/articleshow/75263641.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

By :- Monika Verma, Delhi University.