Back in the initial days, a scammer would call you and inform you that you had won a lottery or someone is in danger and then they would try to extract information or money from you. But those were the good old days. Now the situation is worse. The scammers have started spear-phishing common people.
Wikipedia defines spear-phishing as ‘the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information’. In simple terms, we can say that it’s a scam for specifically targeted individuals.
Case study 1:
One of the cases that we came across recently was of a scammer who was selling PS5 under the name of a real and reputed company. Scammers were generating bills in the name of the original company and using their GST number. Even when the users wanted to verify whether this bill was correct or not, the GST portal showed that it was authentic. Therefore, the company was authentic. There also exist apps in the market to generate bills and make it harder for common people to detect fraud. Using these, the fake company was legitimised. The question is, the customer is receiving proper delivery details so how can the he/she verify if the seller is genuine or a scammer. We will answer it later.
Case study 2:
A person receives a job offer from a person on LinkedIn who is claiming to be from XYZ company. In such a scenario, to verify whether he is genuine or not is by viewing his mutual connections with you. If you see top people in the industry there, it seems like you’re good to go. To check if that company exists or not, you use google. If you find a company with a good reputation exists and the person who has contacted you is in their HR team, you would think that you have received a genuine job offer.
We can discuss 100’s of similar cases. In one case you will find your perfect life partner, in the other, your family member needs help on Facebook and in some cases, you will receive a call on the behalf of your family member that he/she has met with an accident and money or monetary information needed to be given urgently. In some cases, you receive an HTTPS link claiming that some big company is doing a giveaway.
So what should a common man do? Should he totally disconnect himself from the internet? That is not a viable solution; it’s like running away with a problem. And running away from the problem doesn’t solve it. It makes it bigger. Here are some basic recommendations that an individual should follow so that he could be safe in digital India.
There is no free lunch. That’s a basic principle that one should follow. If you are getting in free 1kg gold or 1 box of gold flake. Just say no and move on. If you are getting a good deal online, just use Cash on Delivery and if they are not providing the service of COD, do not buy from there. If it’s a new website, look for reviews and contact the team and try to get COD. If they refuse, it’s better to let them go than whine over your loss later.
Never pay for a job. If you want to join an organization, then it is supposed to pay you and not vice versa. If you are getting job offers from abroad then go to their official website (and not that which is mentioned in the offer letter). Google it and look for the organization’s website that has HTTPS and is trustworthy. Discuss the offer with your colleges/boss/friends and know their feedback.
If anyone asks for money online then just call the person and verify if. And if you don’t have that person’s contact number, there is no need to send money. Even if he/she is a social worker, government official, your past lover or a loved one family member. It’s a golden rule if I know you but don’t have your contact number then we can’t deal with money.
If you feel you are 1 in a million or a very lucky person or it’s your day. Then trust me you are wrong. You will never win the lottery that you have never applied for. If you find your life partner online and he/she needs money then it’s time to look for a new life partner.
If you want to follow one golden advice to tackle all frauds online then just look at grammar and spelling mistakes in the offer that you have got. Till now in most of the cases that I have seen; in almost all the cases, there are spelling or grammatical mistakes. I personally think that every fraudster is an honest person and he/she gives warning to the victim about the scam by making spelling mistakes. So, you should always look for it to be safe.
Images of a few people who thought they were very lucky but they ended up crying about their decisions. Hoping that your image will not be here and you will be protected.
Author – Abhishek Pandey is Cyber Security Engineer at CyberSmithSECURE