Monday, December 5, 2022





Phishing attacks occur when you open a message that pretends to be from someone you know (like the police) or from a source that is generally considered reliable. The message might request personal information, like your credit card number, login credentials, or password.

The Popular Chennai Scam

Unknown numbers have been sending out fake messages, built from a common template, warning people in Chennai that their power supply will be disconnected due to unpaid bills. Two Chennai residents received an SMS message claiming that their electricity bill was due. No one answered the number and when they called, the person on the other end of the line asked them to pay up to 1500 to their Google Pay account. This is suspicious because the Chennai residents had already paid their bills.

Tangedco has confirmed that the message is not from them, “requesting consumers not to respond to such messages”. It does not send any request for payment through phone call or SMS, and only accepts payments on its website. People are vulnerable to phishing attempts because they fear their electricity service would be cut off if they don’t pay. Tangedco should take measures to alleviate this anxiety, such as distributing pamphlets as well as advertising in the media.

Remote Access Apps on the Rise

Scammers are using remote-access apps to get bank credentials from people’s phones and then steal money. In one incident, after stealing the credentials from his phone, scammers were able to take as much as Rs 8.88 lakh from a man in Chennai.

The scam begins with an SMS claiming the victim’s electricity service will be cut. If the victim responds by calling a number, they are directed to make additional payments over the phone through various methods, culminating in what is termed “money muling”, where a victim’s bank account is emptied of funds.

How does this scam occur?

To scam victims, scammers offer to help with payments or refunds. Once the victim downloads remote access software, the scammers use that access to steal information. According to Officer Dirk, scammers first ask the victims for a small fee and then steal the passwords without their knowledge. This small transaction allows the criminals to empty the victims’ bank accounts in 3-4 transactions.

The victims realize that they have been conned only after their transaction is completed. The officer advises the public to contact a helpline number if they fall victim to this scam. Anyone who transfers money could have their account traced if they report the incident to financial authorities before the transfer is complete.

The sooner victims start to recover funds from financial fraud, the more likely they are to get them back. In some cases, however, scammers are currently not being traced or arrested. There is a new type of phish that is about stealing electricity, where scammers are using remote-access apps to get bank credentials from somebody’s phone to steal money.

There is a type of scam that tricks people into calling a number to update their monthly payments. They get an SMS originally stating that their electricity was going to be cut, but the scammers keep calling even if the charge has been updated. A scammer contacts a victim to offer help, and in the end tells them to install an app that allows remote access. For example, the scammers will then ask for a fee from the victim before going to the bank and emptying their account. The amount of this fee can vary anywhere from Rs 100.

The police advise that if you ever get conned, you should contact the cyber crime helpline number 1930 immediately. The problem with this money transfer is that it was unannounced and undisclosed. With the help of the transaction ID, we could find where the money was transferred and limit the amount taken.

Victims of financial fraud cannot afford to wait before starting their money-recovery process. If they don’t act quickly, they might not be able to successfully recover the money that was withdrawn long ago. Fortunately, the Chennai man in this story was able to recover his money in about 20 days. The scammers have yet to be tracked down and arrested.

A phishing scam “attempt”
  • Fake emails claiming to be from my university are sent to many university faculty. The email warns the user that their password is being changed and instructs them to immediately visit a link to renew their account logins within 24 hours. Phishing is a cybercrime where you are tricked into clicking on a link that takes you to a fake website.
  • The URL in that sentence redirects to a bogus page which appears to be the real renewal page. The attacker waits for people to enter their new or existing passwords so that they can use them to get access to secured areas on the university network.
  • Pay close attention if you are contacted by someone asking for money via SMS, as it may be a scam, so that you do not get caught out.

Sometimes phishing is used as a part of an attack. Depending on the scope of the attack, a phishing attempt can escalate into a full-blown security incident that will take more time to recover from than otherwise expected.