Phishing Scams: Here's How To Recognise Them And Keep Yourself Safe
Phishing, in simple words, is a type of online scam where criminals trick you into revealing your personal information by pretending to be someone you trust

Financial fraud is a constantly evolving threat that affects many of us, either directly or indirectly. This risk extends to banks and financial institutions entrusted with customers' financial data. In India, the scale of this problem is evident: cyber fraud losses amounted to Rs 107.21 crore in FY25 (till December 2024) and over Rs 733 crore in the past 11 years. FY24 alone recorded the highest loss, at Rs 177 crore.
But cyber fraud isn't just about hacking. It's often about deception, and phishing is a prime example. A BankBazaar report on the topic, titled "Fear, Fraud, and Finances", notes how scammers exploit human emotions, cognitive biases, and social behaviours to trick you. This article touches upon the psychology behind phishing: what it is, how to spot it, how to protect yourself, and what to do if you're a victim.
Psychological Tactics Of Phishing Scams
Phishing, in simple words, is a type of online scam where criminals trick you into revealing your personal information by pretending to be someone you trust. The psychological tactics deployed by such scams are:
- Authority & credibility: Scammers impersonate trusted figures (banks, organisations, trusted authorities), mimicking legitimate communications like emails, SMS, and websites to gain your trust.
- Create urgency and/or scarcity: The message is crafted to generate a false sense of urgency or pressure the receiver to act quickly without thinking critically, resulting in hasty decisions.
A Real-Life Example Of Phishing
A new phishing scam has been circulating this week. I received an SMS mimicking an official communication from my bank, alerting me about reward points expiring soon. The message read: "[Bank name Notice: You have 5064 points expiring in 24 hours, click https://bank name.sbs/i to redeem your gift]." After immediately blocking the sender, I examined the message and noticed several tell-tale signs of a phishing attempt:
- Created urgency: The "expiring in 24 hours" aimed to provoke immediate action. Because it imitated an official notification, one might easily click the link without a second thought.
- Suspicious link: The URL was not my bank's official link, something I instantly noticed and compared to my bank’s usual communication web addresses.
- Unsolicited message: Having recently checked my reward points, I knew I hadn’t accumulated that many, which added to my suspicion.
- Generic greeting: The message began with a generic "You," which was inconsistent with my bank's usual personalized greetings.
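As an added illustration (not part of the original article), the tell-tale signs listed above can be turned into a simple automated check. The bank domain `examplebank.example`, the phrase list and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the domains your bank really uses.
OFFICIAL_DOMAINS = {"examplebank.example"}
# Assumption: a small, illustrative list of pressure phrases.
URGENCY = re.compile(
    r"\b(expir\w*|(?:with)?in \d+ hours?|immediately|urgent\w*|last chance)\b", re.I)
URL = re.compile(r"https?://[^\s\]>)]+", re.I)
GREETING = re.compile(r"\b(?i:dear|hi|hello)\s+[A-Z][a-z]+")

# Constructed sample messages, modelled on the SMS quoted above.
PHISH = ("ExampleBank Notice: You have 5064 points expiring in 24 hours, click "
         "https://examplebank.example.rewards.invalid/i to redeem your gift")
LEGIT = ("Dear Asha, your statement is ready at "
         "https://netbanking.examplebank.example/statements")


def host_is_official(host, official=OFFICIAL_DOMAINS):
    """True only for an official domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    # A substring test would accept 'examplebank.example.rewards.invalid';
    # compare the end of the name, on a label boundary, instead.
    return any(host == d or host.endswith("." + d) for d in official)


def red_flags(message, official=OFFICIAL_DOMAINS):
    """Return the red flags found in one SMS or email body."""
    flags = []
    if URGENCY.search(message):
        flags.append("urgency")
    for url in URL.findall(message):
        # .hostname drops any 'user@' prefix and the port.
        host = urlsplit(url.rstrip(".,;")).hostname or ""
        if not host_is_official(host, official):
            flags.append("unofficial-link:" + host)
    if not GREETING.search(message):
        flags.append("generic-greeting")
    return flags


if __name__ == "__main__":
    for sms in (PHISH, LEGIT):
        print(red_flags(sms) or "no red flags", "<-", sms[:40])
```

A message with no flags is not proven safe; the check only automates the comparisons described above.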
The Different Faces Of Phishing Attacks
Phishing attacks come in various forms, with scammers using a range of tactics to trick you. Knowing what these are can potentially save you from becoming a victim.
- Email phishing: The most common type, involving deceptive emails that appear to be sent from legitimate sources.
- Pharming: Redirecting users to fake websites that look like legitimate ones.
- Smishing (SMS phishing): The example above is an SMS phishing scam, conducted via text messages.
- Vishing (voice phishing): Scammers call individuals, tricking them into revealing information.
- Spear phishing: Targeted attacks aimed at specific individuals or organizations.
- Whaling: An aggravated form of spear phishing targeting high-profile individuals like CEOs or executives.
How To Avoid Becoming A Victim
- Verify and validate:
  - Verify the caller’s identity independently to confirm who is contacting you.
  - Confirm the communication’s legitimacy using official, trusted contact information.
  - Watch out for red flags like spelling errors, suspicious URLs, inconsistent fonts, or mismatched information in any communication you receive.
- Protect your sensitive information:
  - Never share personal or financial details in response to unsolicited contact.
  - Enable two-factor authentication for added security for sensitive accounts.
- Be smart:
  - Avoid acting on urgent, time-sensitive requests and offers that create a sense of scarcity.
  - Manually enter website addresses instead of clicking on links.
- Keep your guard up:
  - Regularly update your devices and security software.
  - Stay informed about the latest scam tactics to protect yourself and others.
If you think you’ve shared sensitive information in a phishing attack, contact your bank immediately so they can secure your account. Change passwords for online accounts that may have been compromised, and closely monitor your bank statements for unusual activity. Phishing scams are constantly evolving and pose a serious risk. The best way to stay protected is to understand how they work and take proactive security measures to avoid falling for them.
(The author is the Senior Manager-Communications at BankBazaar.com. This article has been published as part of a special arrangement with BankBazaar)
























