Financial Crime Awareness

April 2024

In this article we will talk about few prominent scams and frauds prevalent on the internet.

Introduction to Phishing

Phishing is a cybercrime that uses deception to steal your financial information, like a cunning angler luring in a fish. Identified as having six different subtypes by Patrick Miller back in 2007, new techniques were identified with the change in times. These range from Email, Spear, Whaling, Clone, Evil twin, social media, Search engine and Pharming.

To earn their victims’ trust, cybercriminals frequently act as trustworthy groups or individuals. They may send emails or texts claiming to be from your bank, a social networking platform, or even a coworker or friend. The ultimate purpose of phishing is generally to get confidential information. This may contain your bank account numbers, credit card information, social security number, and login information for numerous online accounts.

Criminals use phishing to masquerade themselves as reputable entities. They could send you an email that appears to be from your bank, replete with official logos and seemingly valid email addresses. Alternatively, they may establish a website that seems identical to your bank’s website, hoping that you will input your login details.

Here are some chosen phishing tricks and how they work:

Email phishing

 

This is the most common bait. Phishers send emails that appear to be from a trusted source, often creating a sense of urgency or offering tempting deals. These emails typically include a link that, when clicked, takes you to a fake website designed to look like the real one.

 

Be wary of providing personal information or clicking on suspicious links.

 

 

Generic greetings like “Dear Customer” instead of your name are a red flag. Avoid providing personal information or clicking on suspicious links, as scammers often use generic greetings like “Dear Customer” instead of your name in phishing emails sent to a large and randomised group of people.

 

Urgency or threats: Emails claiming your account is suspended or demanding immediate action are often scams. Always cross-check with the actual website or contact the company directly to verify its legitimacy if there is any urgency or threat.

Suspicious links: hover your mouse over the link before clicking. The actual destination might be different from what’s displayed.

 

Poor grammar and spelling: Legitimate companies care about professionalism. If you notice multiple spelling errors or awkward phrasing in an email, it could be a sign of a scam. Trust your instincts, and report any suspicious emails to the appropriate authorities.

Smishing

Text messages (SMS) that use similar tactics as email phishing.

 

Vishing

Phone calls impersonating legitimate companies to trick you into revealing personal information.

 

Advanced Phishing Techniques

Phishers are constantly evolving. Here are some more sophisticated methods:

 

Evil Twin

Cybercriminals use shortcomings in the internet’s addressing system to carry out an evil twin phishing attack. They construct website addresses that are nearly comparable to the actual ones. This is accomplished in a variety of ways, including typosquatting (registering domain names that are misspellings of popular websites), the use of subdomains, and the replacement of letters with visually identical ones.

 

The attackers’ false website addresses are meant to appear nearly identical to the actual ones. A single mistake or minor alteration might be the entire distinction. For example, the phishing site may use “g00gle.com” instead of “google.com” or “facebok.com” instead of “facebook.com.”

 

The website is frequently built to seem exactly like the actual site, including logos, layout, and other distinguishing features. When consumers arrive at the website, they are requested to provide personal information or login credentials, which the phisher then captures.

 

To avoid evil twin phishing, double-check the URL before entering any critical information. Check for secure connection indications, such as “https://” at the beginning of the URL and the padlock symbol in the address bar.

 

Pharming

Pharming is altering the infrastructure that underpins website addresses, especially the Domain Name Infrastructure (DNS), which transforms human-friendly website names into numerical IP addresses that computers use. Attackers can use this technique to reroute users from a valid website to a phoney one.

 

The goal of pharming is to divert you from a reputable website to a fraudulent one. A phoney website is frequently constructed to seem identical to the actual one, deceiving people into entering login credentials or other sensitive information.

 

One method for pharming is to hack into a server and change the DNS settings. This would cause all traffic to that server to be diverted to a phoney website.

 

Another approach to pharming is to attack computer vulnerabilities. Malware, for example, might be used to update your computer’s hosts file, causing specific website URLs to redirect to new IP addresses.

The Financial Sting of Phishing

Phishing is a serious financial crime, causing billions of dollars in losses worldwide each year. Stolen information can be used to drain bank accounts, make unauthorized purchases, or even commit identity theft.  These attacks can also damage the reputation of legitimate companies and erode consumer trust.

 

Protection against the threat

Here’s how to avoid becoming a victim:

  • Be cautious with messages: Don’t click on links or attachments from unknown senders.

  • Verify the sender: If you receive a message that appears to be from a legitimate company, contact them directly to confirm its authenticity.

  • Don’t share personal information online: Legitimate companies won’t ask for sensitive information via email or text message.

  • Use strong passwords and two-factor authentication: This adds an extra layer of security to your online accounts.

  • Keep your software up to date: This includes your operating system, web browser, and security software.

  • Be skeptical of unsolicited offers: If something seems too good to be true, it probably is.

  • By understanding the different types of phishing and following these tips, you can protect yourself from this financial threat. Remember, if you suspect a phishing attempt, report it to the legitimate company and the relevant authorities. Fight back against the phishers and keep your financial information safe!

(Arjun Jaiswal, Suyash Mittal and Mehak Uppal are students of Financial Criminology elective at JIBS)