Secure online transaction is an essential segment for almost any website. We have around 12M – 24M e-Commerce website worldwide as of 2019 (source – 99firms.com) and global retail e-Commerce sales is about to reach 3.5 trillion by the end of 2019. So it is almost impossible to isolate our selves from online transactions.
Since you know the gravity and popularity of online transactions you can imagine it is equally likable for the online tricksters. Day by day it is becoming more and more difficult to keep your self, safe against the evolving ways of online frauds but I hope this article will help you.
Types of online frauds and tips to remain safe against it:
- Phishing, what it is and how you can remain safe? Phishing could be an e-mail that appears to be from a known institution like banks/a popular website asking confidential data like user id and transaction password, One Time Password (OTP), Unique Reference No. (URN), etc. (Tip: Do not click any links which ask your personal details without varying it.)
- Spear Phishing: It is targeted phishing through an e-mail that appears to come not only from a trusted source with a context relevantly customized /personalized to either current projects of developments within the company, or maybe related to a family event. (Tip: Very easy to get into this trap but this one is very easy to verify also since the sender is trying to pretend someone from the close circle, so verify by just a call or other ways…)
- Spoofing: These attacks refer to tricking the users, by faking the identity of another user, over email, phone, website, etc. Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner. Even Emails can be spoofed to make the victim believe that it has been sent by ‘Trusted’ sender (Tip 1: if you are using some kind of email client which doesn’t show the full email address and show only names (which can easily be programmed as per the need) then you should consider accessing your email traditionally through browsers where you can see full email address) and lead the victim to share sensitive information. (Tip – 2: do not immediately click those links of saying your account is locked or etc. but open other fresh browser windows and try to log in the normal way you do if that works then report this kind of spoofs to the original website/business)
- Vishing: It is an attempt of a fraudster to take confidential details from you over a phone call. Details like user id, login & transaction password, OTP (One time password), URN (Unique registration number), Card PIN, Grid card values, CVV or any personal parameters such as date of birth, mother’s maiden name. Fraudsters claim to represent banks and attempt to trick customers into providing their personal and financial details over the phone. These details will then be used to conduct fraudulent activities on your account without your permission leading to financial loss. (Tip: Just don’t provide these kinds of information over the incoming call, generally bank or other financial services never call for these kinds of informations. Hang up the call and call the bank by using the toll-free or other number provided to you behind your bank card.)
- SIM Swap: Your mobile phone is a convenient banking channel. You can get account-related alerts and the One Time Password (OTP) required to carry out banking transactions and make various financial inquiries through your mobile. However, if you do not take a few simple precautions, a criminal can divert these alerts by getting your genuine SIM exchanged with a duplicate SIM through your service provider, and attempt to commit fraud. (Tip: This one is the latest way in the fraud cases and here you need to be careful with your SIM card and make sure that it doesn’t fall to any dubious person)
- Smishing: It is a combination of short message service (SMS – also known as text messaging) and phishing (the act of emailing someone with the intent of obtaining personal information that can be used for identity theft). In this case, the fraudster sends a message over SMS, rather than Email. Smishing messages may look like “You have won 2 free tickets to an Amusement Park, visit this website to claim your prize”. Clicking on the link may lead you to a website asking for personal information. These are becoming more common due to smartphones becoming more popular. (Tip: To protect your self against this kind of attacks, yes you are right – just don’t click those doubtful links)
- Frauds through social networks: This is another rapidly growing way of phishing where fraudsters use social media sites to sorghum the youth of today. For example, the latest tool observed is an invite to install a “Valentine theme” on one of the most popular social networking websites. The install button prompts the download of a malicious browser extension which monitors the user’s activities. Sometimes users are redirected to a survey page asking them for vital information like name, mobile number etc. (Tip: Do not install any third-party applets/app in your social media, do not give access to those kinds of third-party applets. unless you are sure about the authenticity of the applets)
Thank you and happy surfing! In case of more details on any point, please comment below.
See you in the next post!