What Is Phishing and How To Protect

Oct 10, 2023

Cyber frauds have increased exponentially in the past few years. Cybercriminals are constantly creating new tactics to exploit innocent individuals. One of the most prevalent and damaging forms of cybercrime is phishing.
Let's dive into the world of phishing and understand its potential consequences in banking transactions and most importantly, how you can protect yourself against this growing threat.

What is phishing?

Phishing is a cyberattack technique involving sending deceptive emails / messages or creating fake websites to trick you into revealing sensitive information. Sensitive information can include passwords, Credit Card numbers and bank account details. The term 'phishing' is a play on the word 'fishing' as attackers cast a wide net in hopes of hooking unsuspecting victims.

How does phishing work?

Phishing attacks begin with the attacker crafting an email or message that appears to be from an authentic source like a bank, social media platform or trusted service provider. The message often contains urgent language. This creates a sense of panic or fear in receivers. It prompts the victim to click on a link that leads to a fake website that looks similar to the genuine one. Once the victims come on the fraudulent site, they are urged to input sensitive information. These details are captured by the attacker. After your confidential information is compromised, the attacker uses it for fraud.

Types of phishing attacks

  • Deceptive phishing: This is the most common type of phishing attack. Attackers send out mass emails that appear to come from legitimate organisations. These emails ask you to click on a link and provide your credentials or other sensitive information. The information is then used to launch another attack or steal money.
  • Spear phishing: In spear phishing attacks, cybercriminals draft their messages for specific individuals or organisations instead of the masses. This level of personalisation makes the attack more convincing and harder to detect. Social media sites often become the sources of information for targeting victims.
  • Whaling: Whaling targets high-profile individuals such as CEOs or government officials. The term whaling is symbolic of ‘big fish’ or big targets. Attackers use complex tactics to access sensitive information from these big and valuable targets.
  • Pharming: Pharming involves redirecting users to fake websites even if they enter the correct URL. This is done by manipulating your DNS settings or poisoning your browser cache. You might end up providing confidential information thinking that you are browsing a secure website.

How can phishing affect banking transactions?

Phishing attacks can have devastating consequences, especially in banking transactions. Money is often the main motive in most phishing attacks. This makes banking information most at risk. Cybercriminals may gain access to your online banking credentials and use these to drain your accounts or make unauthorised transactions. They might also use the information to commit identity theft or gain access to other sensitive accounts linked to your financial data.

How to protect yourself from phishing attacks?

While a phishing attack is tricky and dangerous, you can protect yourself if you are aware of the tactics involved. Here are some tips you should consider to protect yourself from phishing attacks:

  • Be sceptical: You should always approach unsolicited emails, messages and requests for sensitive information with scepticism. Verifying the sender's identity and checking for signs of grammatical errors / inconsistencies is a great way to differentiate between genuine and fake websites, and phishing emails and messages.
  • Check URLs: Before clicking on any link, you should hover your mouse over it to reveal the actual URL. Ensure it matches the legitimate website's address to prevent disclosing confidential information.
  • Use two-factor authentication (2FA): You should enable two-factor authentication wherever possible. This adds an extra layer of security by requiring a second form of verification beyond just your password.
  • Keep software updated: Regularly update your operating system, browsers and security software to patch vulnerabilities that attackers might exploit. Software updates come with defenders and other protective measures that protect your systems from malicious attacks.
  • Educate yourself: You should stay informed about the latest phishing tactics and scams. Focus on updating yourself with common phishing techniques and warning signs. You can learn about the latest tactics and scams online or through social media. The greater your awareness, the more difficult it is for attackers to scam you.
  • Use strong passwords: You should create complex passwords for your online accounts and avoid using the same password across multiple platforms. This makes it difficult for attackers to hack or gain unauthorised access. You should also regularly update your passwords.

Now that you are aware about phishing, read more about the different money transfer scams - What is payment fraud? | What is online banking fraud? | What is money transfer scams?


Join Vigil Army, where Vigil Aunty will decode various frauds and give people a heads-up on the dos and don’ts of combating frauds online. To join the Vigil Army, send ‘Hi’ to her via WhatsApp number: 7290030000


Disclaimer: The appearance of Vigil Aunty's bindi has been refreshed with a change in color from red to blue for a distinctive look.