Here are some common methods that are used to conduct fraud:
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user's information.
How to identify Phishing Emails?
- Phishing emails will appear to come from a friend, your boss, family member, bank, or government
- Phishing emails might include text like "Verify your account", "You have won the lottery", "If you don't respond within 48 hours, your account will be closed", or "urgent response".
- Phishing emails might ask you to click on a link or open a file.
- Phishing emails might include official-looking logos, wordings, and other identifying information taken directly from legitimate websites.
- Phishing emails might include links to spoofed websites where you are asked to enter personal
What is Spear Phishing?
Spear phishing is a highly targeted phishing attack. Spear phishers send email that appears genuine and from a trusted source like a work colleague, boss, friend, family, your bank, or government organization. The aim of spear phishing is to trick the victim into performing actions he/she would not usually do.
How Does Spear Phishing Work?
First, criminals gather information about the target victim and/or organization. They often obtain it through websites, blogs, and social networking sites.
Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of legitimate-sounding explanations as to why they need the information.
Finally, the victims are asked to either reply to the message, click on a link inside the e-mail, or open a file.
If you receive any suspicious email:
- don’t click on any links
- don’t open any attachments
- don’t reply
- contact the organisation using a phone number you know is genuine, or visit their website
- delete the suspicious email and empty the recycle bin on your device
Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information. The fraudsters attempt to obtain your data and use it for their own benefit, typically for financial gain.
The caller may try to persuade you to make a bank transfer to a ‘safe’ account or press a number on your
phone or divulge personal information.
Fraud carried out via SMS is called smishing: you may receive fake text messages that look like they've come from your bank or another trusted organisation. The goal here is to get you to reply with your personal or financial information.
Typically, the text message includes an urgent call to action, such as clicking on a certain link or dialling a number. If you receive any suspicious message, do not click on any link or number.
Identity theft happens when someone uses your information (such as your name, address, credit card and bank account numbers, Social Security number, etc.) without your permission. The stolen information can be used to buy things with your credit cards, get new credit cards, open a phone or electricity account, steal your tax refund, and basically pretend to be you.
- Keep your financial records, Social Security and Medicare cards in a safe place.
- Shred papers that have your personal or medical information.
- Take mail out of your mailbox as soon as you can.
- Do not give your personal information to someone who calls you or emails you.
- Use passwords that are not easy to guess. Use numbers and symbols when you can.
- Do not respond to emails or other messages that ask for personal information.
- Do not put personal information on a computer in a public place, like the library.
A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from financial fraud to outright identity theft. An adage comes to mind here: "it pays to be suspicious". With socially engineered attacks, the opposite is also true - if you aren't suspicious, you will likely end up paying.
NEVER give or share personal information with anyone or perform actions you would not usually do because someone asked you to. Always challenge them.