
Phishing
In 2023, India experienced nearly 79 million phishing attacks, making it the third most targeted country globally. This shows how quickly online scams are growing. With so many people using the internet for banking, shopping and communication, scammers are finding new ways to trick people into giving away personal information. In cyber security, phishing scams often look like normal emails or messages from trusted companies, so it's important to stay alert and be careful about what you click on or share online.
What are phishing attacks?
Phishing attacks are a type of online scam where cybercriminals trick individuals into sharing sensitive information, such as bank details, passwords or personal data, by pretending to be legitimate entities. The finance and insurance sectors have been among the most targeted, with attackers often exploiting the growing reliance on digital banking and online transactions.
The scams often come through emails, messages or phone calls, appearing to be from trusted sources like banks, asking users to verify account details or click on a link. Once clicked, the link directs users to a fake website where they unknowingly provide sensitive information.
Common kinds of phishing attacks in banking and insurance sector
Email phishing
This is the most common type, where attackers send fraudulent emails pretending to be legitimate banks or insurance companies. The email often contains a link to a fake website, prompting users to enter sensitive details like account numbers and passwords.
Spear phishing
A more targeted form of phishing, spear phishing attacks focus on specific individuals, often senior executives or employees with access to sensitive financial data. Attackers conduct research to make their emails more personalised and convincing, increasing the likelihood of a breach.
Vishing (Voice phishing)
Attackers impersonate bank representatives over the phone, convincing victims to share confidential details. In many cases, these scammers claim urgent account issues, tricking individuals into giving away OTPs (one-time passwords) or PINs.
Clone Phishing
Cybercriminals duplicate legitimate emails from banks or insurance companies, replacing real links with malicious ones. Since the email appears identical to a previous, trusted communication, victims are more likely to click on it.
Adversary-in-the-Middle (AiTM) phishing
Attackers intercept communication between users and financial institutions, often redirecting them to fraudulent websites in real time. This allows them to capture login credentials and other sensitive information before it's transmitted to the legitimate institution.
How to identify a phishing scam?
Suspicious links and attachments
Phishing emails often include links that direct you to fake websites resembling legitimate financial institutions. Always hover over links to check if the URL matches the official bank or insurance site. Be cautious of unexpected attachments, as they can contain malware designed to steal your data.
Urgent or threatening language
Cybercriminals commonly pressure you to act fast by making you believe that your account has been hacked or that your information is required right away. Real financial institutions do not use such pressure and will allow you ample time to check issues securely.
Poor grammar or awkward phrasing
Phishing emails often contain mistakes such as incorrect sentence structures, missing articles or inconsistent tenses, which are uncommon in official communication from banks. Also, watch for spelling errors, especially in critical areas like company names or financial terms. Legitimate financial institutions rarely make such mistakes in formal emails.
Unusual sender address
Phishing emails may look legitimate, but often come from slightly altered email addresses. Always check if the sender’s domain matches the official one used by your bank or insurance provider.
Requests for sensitive information
Legitimate banks or insurance companies will never ask you for sensitive details like OTPs, PINs or full account numbers via email or phone. If you're asked for these, it's a major red flag.
Generic greetings
Phishing emails often use generic terms like "Dear Customer" instead of addressing you by name. Financial institutions usually personalise communication with their customers.
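The checks listed above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags a message whose sender domain or link destinations do not belong to the official domain, and scans the text for pressure wording, requests for secrets and generic greetings. The domain examplebank.example, the keyword patterns and both sample messages are constructed placeholders, and a single-part message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL_DOMAINS = {"examplebank.example"}  # assumption: your bank's real domain goes here
TEXT_CHECKS = [  # (flag name, constructed keyword pattern)
    ("urgent or threatening language", r"\b(urgent|immediately|suspended|act now)\b"),
    ("request for sensitive information", r"\b(otp|pin|password|account number)\b"),
    ("generic greeting", r"\bdear (customer|user|account holder)\b"),
]

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_official(host):
    """True only for an official domain or a genuine subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message assumed
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender_domain):
        flags.append("unusual sender address")
    links = LinkCollector()
    links.feed(body)
    if any(not is_official(urlparse(h).hostname) for h in links.hrefs):
        flags.append("link leads to a non-official site")
    flags += [name for name, pat in TEXT_CHECKS if re.search(pat, body, re.I)]
    return flags

# Constructed sample messages (not real emails).
PHISH = ("From: Example Bank <alerts@examp1ebank.example>\n"
         "Subject: Account alert\n\n"
         "Dear Customer, your account will be suspended. Confirm your OTP immediately at "
         '<a href="https://examplebank.example.verify-login.example/">https://examplebank.example</a>')
LEGIT = ("From: Example Bank <alerts@examplebank.example>\n"
         "Subject: Statement ready\n\n"
         'Dear Asha, your statement is ready: <a href="https://www.examplebank.example/statements">view</a>')
```

Note that the link in the constructed phishing sample displays the official address but its destination only begins with it; comparing the end of the hostname, as is_official does, is what catches this.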
Endnote
To avoid falling prey to phishing scams, you need to be very careful, especially when using the internet. If an email or message appears to be a scam, do not reply to it or click on the links provided. Instead, take a moment to check the source by calling the bank or the financial institution. Use antivirus software and keep it up to date to block threats. Also, check your bank statements regularly for any unauthorised transactions.
You should practise good cyber hygiene by using strong and unique passwords as well as enabling 2FA. Bear in mind that cautious behaviour today can save you from large losses in the future. Be careful and do not forget about your online security.



