Journalist Nidhi Razdan became the victim of an elaborate phishing scam, that proposed a fake opportunity for her to join Harvard as an Associate professor. The seriousness of this scam resonated with her public decision to leave her 21-year old career behind to teach journalism at Harvard.

It happened in the year 2020 when NDTV’s senior journalist Nidhi Razdan attended and spoke at an event organised by the Harvard Kennedy School. She was even contacted by one of the event’s organizers to consider for a teaching vacancy at Harvard. Going by Harvard’s reputation, she submitted her resume and was interviewed a few weeks later for the profile. Up until now, it all seemed legitimate. To her surprise, she received an email allegedly from the HR of Harvard, confirming her recruitment, with an offer letter and agreement. The documents had the name and stamps of all the Harvard signatories and appeared genuine. More so, her former employers were also marked in separate emails for recommendation letters, only to confirm the originality of the alleged job. She even received class schedules, subject details and a detailed breakup of the classes.

Nidhi Razdan announced on national TV about her new opportunity and quitting NDTV on a respected note. The suspicion started when she did not receive her work visa and her salary was not transferred as promised. It was only when she wrote to the Dean of the Graduate School of Arts and Sciences, that she heard back they had no record of her appointment.

Much to her shock with the entire incident, she realized, even though late, that she was a part of an elaborate phishing scam, meant to steal her personal details.

Attacking a senior media person and swindling her of her financial information requires sophistication in technical and digital knowledge. Looking back in hindsight, Nidhi Razdan regrets not doing much due diligence and falling prey to a phishing scam masquerading as a tempting opportunity.

2. Sunny Leone

Bollywood actor Sunny Leone was the latest to join the victims of identity theft. In a series of alleged loan scams on the fintech platform of Dhani Stocks limited platform, her pan card details were misused to take a loan of Rs 2000. The incident messed up her CIBIL score, while the actress claimed that Dhani Stocks did nothing to resolve the matter or take action to avert the potential risks in future.

3. Sunita Gowariker

Sunita Gowariker, the wife of revered film-maker and producer Ashutosh Gowariker, registered a complaint of losing over Rs 1 lakh from her credit card. She claimed to have received a message about an unaccounted expenditure of Rs. 1,34,333.08. Upon questioning her manager, he denied any record or details of the expense.

Her incident reflected the classic example of why you should always guard your credit card information at all times.

Any person can become a victim of scams in physical and digital spaces. And when we think of celebrities, the wealth and fame drive vulnerability, inviting manipulative and intelligent frauds to breed and steam their finances, as well as reputation. With the level of visibility in celebrity life, scammers and con artists have an opportunity to gain more wealth. And when celebrities do get scammed, the one thing that is certain is the massive scale of monetary loss and reputation loss that befalls them.

However, with a little more vigilance and due diligence, scams of any level can be detected, prevented and deterred. Phishing detection apps such as FinLock may help you to prevent such scams and monetary losses.

Jamtara is amongst the chain of cyber-crime gangs actively operating in different parts of India, who feed on the misinformation and unawareness of banking rules, mostly in smaller regions and amongst senior citizens. They call these targets for fake KYC updates, only to steal their personal details and make them transfer funds by causing a sense of urgency.

These crimes often termed ‘Vishing’, or ‘Voice Vishing’ involve tech-savvy social engineering tactics to convince targets to give up private information, despite knowing it might go haywire.

What is Vishing and how does it work?

When a scammer does a Vishing call, they are most likely to use their social engineering skills to trick you into sharing your personal & confidential information, including bank account passwords, and credit card details. financial data etc. The fraudsters would masquerade as executives of your bank or service providers and say that if you do not update your KYC immediately, then your account would be closed. Further, they raise an urgency by telling you to click on the link they provide or installing an app they would share, or in some cases ask for your bank account details to update KYC on your behalf. 

The ones who fall into the trap, end up losing their confidential data and sometimes an empty account.

Vishing, another form of phishing on a call, also comes from a source that seems legitimate but is far from what it might seem. The goal of Vishing also remains the same as phishing- to steal your confidential information and your money.

Moreover, it has become quite easy to contact and scam people. Sophisticated scammers place hundreds of calls simultaneously, using voice over internet protocol (VoIP) technology. This enables the fraudsters to spoof the caller ID of users and make the call appear to come from a trusted source.

How to spot a vishing scam?

Below are some of the common tell-tale signs of a Vishing scam:

• The scammer who calls claims to represent your bank or service provider as a manager or customer care executive. However, unless you request contact with your registered bank relationship manager, you would not receive a call asking for your personal financial information. Therefore, if you receive such a call, the best way to spot a scam is to stay sceptical of anyone who calls you with such an offer. 
• There is a frantic sense of urgency. The sense of fear is what scammers use to tap into your vulnerability to extract personal details. 
• The caller asks for your information. The moment a person gives you a phone call, pretending to be a bank executive or manager, asking you for your confidential information, that’s the moment clarifying the call is not legit, and there is something fishy about the caller.

What are the suggested ways to avert Vishing?

Besides understanding how vishing works and looking for red flags, you can follow the below tips:

• The very moment you suspect the caller is trying to trap you in a vishing scam, do not feel obliged to continue with the conversation. Hang up the call and block the number, easy and effective steps.

• While on call, if you mistakenly continue the conversation and the caller asks you to respond to questions or press buttons, do not respond and hang up, rather than navigate through the instructions.

• If the caller provides you with a call-back number, it most probably is to trick you into their scam, so do not use it, instead, do your own investigation of the company details as provided and call the parent organization to confirm.

Moreover, if you already have provided your personal information or financial details to the suspect pretending to be a bank executive, who most likely is a scammer, then immediately call your bank about the matter. Ask your bank to block your account over a likely scam and block future transactions unless otherwise notified. You can also report this to National Cyber Crime Portal through helpline number 1930 and they will intervene to block the transaction from happening.

In order to prevent these types of scams from happening, you may take the assistance of India’s first online fraud protection app - Finlock

How does Finlock assist in averting Vishing?

To assist in a safe and secured digital journey, Finlock offers an AI-powered online fraud protection solution. Finlock detects and alerts its users 24/7, of any suspicious attempts, including KYC fraud on call. This best-in-class app provides real-time alerts against fraud. It also provides a transaction summary to spot any suspicious activity in your bank account or cards. Its 24/7 live support guides you with the reporting queries. Finlock also offers stolen funds reimbursement of up to ₹5 lakh in the event of online fraud.

Finlock with its smart security against online frauds identifies to build a cyber-safe future for digital India. It provides end-to-end protection from online frauds, by alerting users and guiding them through post-fraud steps.

A report by Google highlights that every day Gmail blocks more than 100 million phishing emails. Imagine this bandwidth of phishing emails spamming your inbox and feeding on your vulnerability on a daily frequency. Despite this huge figure, many fools the Gmail spam protection feature and flood your inbox with fraudulent messages, swindling your money and peace of mind.

While many might argue how dangerous it is for one’s safety to respond to such suspicious emails, the temptation to see what stays on the other side is hard to resist. It is this impulse or concern to click on the emails which seem to have come from trustworthy sources, raising an alarm of some sort, if action is not taken instantly. Whether the urgency of clicking on a link relates to updating your login credentials, updating KYC, take action on your bank savings, most of them hold no genuine grounds and are meant to harvest your sensitive information. 

But, what do you do if such emails masquerade as coming from legitimate sources, hiding in plain sight to gain remote access to your system and infect it with malware, only to steal your confidential information?

More so, what do you do when your own employees knowingly or unknowingly compromise your system to sensitive data leak. While human resources are considered a strong force, they are also the weakest link to your security. A security breach can impact the finances as well as the reputation of a company. Phishing emails exploit this human tendency of temptation in an organization and feed on its employee’s vulnerabilities. A report by Forbes suggested that insiders were responsible for 36% of the total data thefts, both intentionally and unintentionally. This challenge of your security system is crippled by your human resource through phishing fraud has implications worse than any other cyber-attack.

Cyber-criminals are making their way ahead of the cutting-edge systems, bringing sophisticated attacks in myriad forms. Phishing emails are the most common source of attacks and ransomware on a company. With its rising popularity amongst cyber attackers, it is increasingly used to extort money or cause reputation loss of an individual or an organization.

While the extent of this issue is a major security hazard, the ‘STOP’ solution comprises 4 simple questions that you should ask yourself and teach your employees to consider, whenever you receive an email that asks for you to disclose your personal details. This when followed diligently, can avert the danger of phishing emails. 

Let’s walk you through the questions one at a time

S: Does this email look Suspicious?

The moment you receive an email, look for hidden identifiers that can unveil the reality of that email. These may include grammatical errors, spelling mistakes or suspicious email IDs. Legitimate businesses have an automated system for email subject and text checking and almost never commit the error as naïve as bad grammar or wrong spelling. Hence, your first and most important suspicion can arise from identifying these elements. 

T: Is this email Telling me to click a link?

Never will a legitimate business or organization, be it public or private ask you to click on a link in the email and enter your login credentials. If your login credentials have expired or need an update for some reason, they would ask you to visit the official website and access your account there. 

Hence, receiving an email with a link, asking for action through it is a suspicion in itself and you must delete the email right away, without taking any action. However, if you do have a concern regarding the issue raised over email, you can connect with the company in person or over the phone available on their official website. 

O: Is this email Offering something extraordinary?

Businesses do have loyalty programs that offer their clients good offers, discounts, and occasional offers, but never anything extraordinary. Moreover, if they have an offer that sounds tempting, its mention must be on your official account too. To confirm the offerings, you can also call the customer care of that business from their official website. But, refrain from taking action from the link or phone numbers provided in the email. 

P: Is this email Pushing me to do something in haste?

No business would give a restricted deadline without prior intimation for an action such as claiming an offer, discount, updating KYC, applying for a job etc. So, if you receive an email that is pushing you to take immediate action and holds an urgency, then your vigilance sense must get heightened immediately to not respond through the email.

Proceed With Caution

Phishing emails are consistently expanding their dangerous territory and thus have gained the status of being an unavoidable threat in the digital age. Your best protection from such scams is to side with caution and use the STOP technique every time you find something sketchy in your inbox. 

STOP - Suspicious, Telling, Offering, Pushing

Remember, a genuine company would never ask you to share your confidential, sensitive, personal information via insecure channels such as an email. If the message that a legitimate business is trying to convey is truly important, then they would attempt to contact you through verified methods like telephone, without extorting your personal details.