With the benefits of the Internet comes the danger of fraud too. Email Phishing is one such cybercrime. It involves stealing of data and personal information and is becoming increasingly frequent.

What is Email Phishing?

This is a type of online fraud in which cybercriminals send out emails to their victims, trying to convince them that they have a legitimate business opportunity. The email would appear to be from an official organisation that you may be associated with. Scamsters will try to pretend to be anything from a bank or credit card company to a university or another such institution.

The main idea behind this scam is to extract personal information like passwords or PAN card details or other personal information and then use it to steal the victim’s money or identity.

How does it work?

The scamster would send you an email that is designed to look like it has come from the original organisation. This email will have a similar logo, though not the same, as that of the original organisation. It will contain a link, asking you to click on it. If you do so, you will be taken to a site that asks you to share your personal details, including passwords or other information, that will then be recorded by the scamsters. They will then use it to steal the money from your bank account by transferring the balance to some other account.

Why do we fall for Email Phishing scams?

It is in our human nature to trust, especially communication that appears familiar (as mentioned earlier, a phishing email is crafted to look like it has come from a genuine organisation). They also take advantage of the human tendency to make impulsive and irrational decisions when we are afraid; phishing emails will always try to trigger fear. For instance, the email may state that if you do not change your pin, your account will get locked or cancelled. Some may even use an extreme case of telling you that there has been a breach of your banking information and advise you to change your details immediately.

Tips to identify a fake email

• No personalisation: The email may not contain your name or any other information that you have already given to the original organisation. For instance, you will be addressed as ‘Dear customer’ or ‘Dear client’. The genuine organisation would have begun the email with ‘Dear ’, as they already have your details in their database.
• Grammatical errors: You may find spelling errors or sentences that are not structured correctly. For instance, you may see a sentence that begins with a lowercase letter or the use of the alphabet ‘u’ in place of the pronoun ‘you’. Remember that a genuine organisation will always take the effort to ensure that their communication is grammatically correct.
• Convincing: The email may go overboard trying to convince you that it is not fake. For instance, you may find sentences like “You want to confirm that we are genuine, click on the link below”. A genuine organisation may not feel the need to make this effort.
• Address: The most important giveaway could be the website address. Once you click on the link, you will notice that the link does not begin with the name of the organisation. Instead, the name of the organisation will appear after the first slash. For instance, a scamster posing as a bank (let’s say, Great Indian Bank) may appear on a link like http://almall/greatindianbank.in.

Ways to avoid falling prey to phishing emails

Recognising Email Phishing is not difficult, it just requires you to stay alert and be cautious about any email that asks you to share your personal information. The first thing you should do in such a situation is to call up the organisation and ask if they have sent you such an email.

In short, all you have to do is avoid sharing your personal information, even if you receive an email asking for it, as this is something that a genuine organisation would never do.