An online scam tricks people on the internet into giving up their sensitive data. The scammer then uses that data to blackmail the victims, steal their money, and more. The most common way scammers scam people is by means of phishing.
What is Phishing?
Phishing is the act of tricking people into giving up sensitive information such as usernames, passwords and credit card details. The hacker creates a fake login page that looks exactly like the original one and tricks users into entering their sensitive details.
If you enter your banking details on a web page that only looks like the original one, you are in effect sending those details to the scammer as a message or an email, because whatever information you enter is mailed directly to the hacker.
How to Spot a Phishing Website?
It’s normally difficult to distinguish a legitimate website from a phishing website by looking at the website design. The important things that set a phishing site apart are the URL and the green padlock.
1: Verify the Site URL First
Whenever you log in to Facebook, Gmail or a banking login portal, make sure the URL shown in the URL box is the valid one.
Let’s take the example of NIC Asia Bank. If you have to log in to the Internet Banking of NIC Asia Bank, the original URL is https://itouch.nicasiabank.com/.
If the login link looks something like http://itouch.nicasiabanknp.com (fake URL), or is any other similar link that is not https://itouch.nicasiabank.com, then treat it as a phishing link.
2: Make Sure the Site Has the Padlock Enabled (SSL/TLS)
The padlock determines how secure the sensitive information entered on the site is. If you enter sensitive details such as a password or credit card details on a padlocked site, that data is stored in encrypted form, whereas on a site without the padlock the data is stored in clear text.
Third-party sites can get hold of any sensitive details you provide to a site that does not have the padlock enabled. Padlocked sites have HTTPS instead of HTTP in the URL.
As you can see in the upper image of NIC ASIA, the site has HTTP instead of HTTPS, which means the site is insecure.
In this image, by contrast, the site has the padlock enabled, the URL uses HTTPS, and the URL is legitimate. It means this is the trusted site and we can proceed to log in to it.
Sometimes the padlock is not shown even though the site URL is correct. In this case, re-enter the correct URL, and once you see the padlock you can proceed with the login.
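The two checks above (exact URL and HTTPS) can be written as a small checker. This is an added example, not part of the original article; the function names, the result labels and the example.net links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Genuine login host from the article's example; extend for other services.
TRUSTED_HOSTS = {"itouch.nicasiabank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of a host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url: str) -> str:
    """Return 'ok', 'not-https', 'lookalike' or 'unknown-host' for a link."""
    parts = urlsplit(url.strip())
    # .hostname ignores any "user@" prefix and port and lower-cases the name,
    # so the comparison is against the host the browser would really contact.
    host = (parts.hostname or "").rstrip(".")
    if host in TRUSTED_HOSTS:
        return "ok" if parts.scheme == "https" else "not-https"
    for trusted in TRUSTED_HOSTS:
        brand = trusted.split(".")[-2]  # "nicasiabank"
        # Brand embedded in another domain, or a spelling a few edits away.
        if brand in host or edit_distance(host, trusted) <= 3:
            return "lookalike"
    return "unknown-host"

# Constructed sample links; only the first and third appear in the article.
SAMPLES = [
    "https://itouch.nicasiabank.com/",
    "http://itouch.nicasiabank.com/",
    "http://itouch.nicasiabanknp.com",
    "https://itouch.nicasiabamk.com/",
    "https://itouch.nicasiabank.com.example.net/",
    "https://itouch.nicasiabank.com@login.example.net/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_login_url(link):13} {link}")
```

Only a result of "ok" means the link matches the genuine host over HTTPS; the last sample shows that text placed before an "@" is not the host, so the genuine name appearing there proves nothing.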
Phishing Email Scams
This is the internet age and almost everybody has an email address these days, which makes it easier for scammers to scam people through phishing emails.
The email looks real, and users may believe that it was actually sent by a genuine organization. Such emails may carry attachments or links that trick users into entering their sensitive details (e.g. bank details, password, date of birth, citizenship number, passport number, etc.).
Things that Genuine Companies Do While Emailing Customers
- Use their company’s domain email when contacting you by email
- Greet users by their name
- Do not ask for your password, OTP, card details or any bank details
- Do not send emails with grammatical or spelling errors
- Do not ask you to install any software via attachments
- Do not send lottery mails
Steps to Stay Away From Online Scams
1. Use Secure Sites
Never share your personal details with a site that doesn’t have the padlock enabled. Always make sure the URL is 100% correct before entering anything on a site, because a fake site might steal your real login credentials and your credit card information as well.
2. Never Participate in PUBG/Free Fire Schemes
Some phishers trick you into entering your login information on their site and then grab those details to access your PUBG/Free Fire account. They create a page offering schemes for UC/BP and skins, and they ask you to enter your social account’s details.
After that, you get nothing except getting hacked. You’ll lose access not only to PUBG/Free Fire but also to your social media accounts.
3. Never Believe Viber/WhatsApp/Email Lottery Schemes
Someone may tell you that you’ve won millions of dollars and then, to release the money, ask you to transfer some funds through Western Money Transfer or through Bitcoin.
If this happens to you, ignore those people completely and never reply to their messages. They play on people’s greed for those millions, but in fact it’s just their trick to scam people.
4. Never Share Your Credit Card Details
Some scammers might contact you and tell you that your credit card has expired. They then ask you to provide the credit card details to verify that the card is actually yours.
But the fact is, bankers never ask for your credit card details, nor do they ask for your password. So never share your credit card details with anyone.
5. Set Strong and Unique Password
You must set a strong password. The password should contain numbers, a mix of upper and lower case letters, and some special characters.
You shouldn’t use the same password on many platforms. Suppose someone knows your Facebook login details and you use the same password for your e-banking account: they can easily get access to that account too.
6. Never Use Same Login PIN for Mobile Banking
Suppose your PIN for unlocking your phone is “1234”. If you use the same PIN for mobile banking, someone who’s close to you might make transactions from your account.
7. Setup OTP and Never Share it with anyone (2FA Verification)
OTP stands for One Time Password. You can set up OTP on your Google account, Facebook account, and almost all online accounts.
If you set up OTP, then even if a third person knows your login details, he or she can’t get access to your account without the OTP.
Note: Bankers never ask for your OTP for verification. If they do, it’s a scam.
8. Update Your Device Regularly
You should update your computer or mobile phone regularly, because updates come with new security fixes in which the company patches the vulnerabilities present in the previous version. If you don’t update your device, a hacker might take advantage of those vulnerabilities and get access to your device.
9. Skip Login/Signup in Public Network
Creating an account or signing in to an account on a public network can be dangerous. Hackers can easily steal your login credentials on public networks.
If you have to make a transaction from your device, switch back to your mobile data first.
10. Use Proper Antivirus
Using antivirus is a great way to stay away from online financial fraud and scams. It helps to remove the malware and Trojans inside your computer. Such malware and Trojans sit inside the computer unnoticed and monitor every action we take on it.
So these are a few of the things you can do to stay away from online scammers. There are many other steps you can take, like using a VPN, securing your email address, and more.