Phishing is in everybody’s life. Almost everybody, company or a person has been attacked by intruders trying to get into your personal details, passcodes and eventually your bank accounts. There are different types of these techniques analysed below for your attention & protection.
Looking ahead, Cypriot businesses must also prepare for the pending transposition of the Directive (EU) 2022/2555 (the NIS2), which introduces enhanced cybersecurity obligations for a broader range of entities to minimize or eliminate phishing.
VISHING
Attackers pretend to be from your bank, the police, the post office, other governmental agency or any other trusted organisation, to trick you into giving away personal and financial information, such as account numbers, card details, or your internet banking passcodes,
Callers are pushy, sometimes intimidating, asking you to act swiftly and threaten that if you don’t hand over the details they asked for, they will “block” your Cards and / or your accounts, “restrict access to your money” or that you must “transfer your money” to a “safer” account or destination. In other instances, they are trying to convince you to approve transactions via Mobile App push notifications and/ or provide to them the OTPs received on your Mobile, claiming that the reason requesting those is to “credit” your account.
How to spot a Vishing call:
Pressure to act swiftly: Attackers often create a false sense of urgency, either claiming your account has been compromised and you need to take immediate action to avoid restrictions or penalties or tricking you into believe that your account will be “credited”, if you follow their directions swiftly.
Receiving repeated calls from the same unknown number in short period.
Phishing experts may address you vaguely, such as “Dear Customer” or “Account Holder” instead of using your name.
Phishing experts may also lack specific information about your account or get details wrong. Legitimate representatives have access to your verified account information.
How to stay safe:
If you receive an unexpected call and you’re not sure it’s from your service provider, then end the call immediately.
Your service provider will NEVER contact you through any Social Media Platforms such as WhatsApp, Viber etc. Only scammers will.
The Bank and other legitimate organisations will NEVER request you to reveal details such as Internet Banking-Mobile App login passcodes, OneTime Passwords (OTP), Verification Codes (VCs), or PINs via any call
Never reply or call back to any such requests.
SMISHING
How this type of fraud works:
Scammers send highly realistic fake text SMS messages pretending to be your bank, or another legitimate organisation. They want you to reply, click on a link or call back. They will try to make you provide your personal and financial details so they can steal money from your accounts and cards. Beware of SMSs or any other type of Text Messages pretending to be from the Bank or other “Organisations“ through Social Media Applications (What’s App, Viber, etc).
How to spot a Smishing:
Typically, these messages:
Encourage you to take urgent action by clicking on a link or making a call back.
Ask you to verify your accounts, transactions, devices etc.
Look and sound like genuine messages but with new wording added.
May look similar to real messages and sometimes they may even show up in the same thread as genuine messages, you’ve received from an organisation.
May be followed by a phone call from the scammers purporting to be the Bank, or other legitimate Organisation but they will be pushy trying to convince you into providing banking and personal details.
Potentially include grammatical error, spelling mistakes or awkward phrasing – these are common signs of fraud.
Include offers or unexpected prizes. Ask yourself: Did I even participate in a contest?
Your Bank and other legitimate organisations will never ask for your Internet Banking-Mobile App login passcode , card details, PIN, One Time Passwords (OTP) or Verification Codes (VCs) out of the blue.
Make sure you thoroughly read the full content of your One Time Passwords (OTP) , Verification Codes (VCs), Alerts sent from your Bank, BEFORE you authorise any action and financial transaction.
How to stay safe:
Never share your Internet Banking-Mobile App credentials.
Never click on any link(s) in Emails, SMS, App Text Messages, Social media posts or Ads.
Never download any attachments.
Never reply or call back.
Always thoroughly review the FULL content of the Bank’s SMS messages and Mobile App Notifications BEFORE APPROVING any actions / access on your Internet Banking-Mobile App subscription, or any debit(s) from your account(s) and cards.
Never enter your personal information, credit card credentials or passwords on suspicious websites.
Never respond to SMS messages from numbers you don’t recognize and appear suspicious.
Never believe messages that create urgency, such as threating account suspension or claiming you have won a price.
Enable spam filters. Activate your phones spam filter to block suspicious messages.
Keep software updated. Update your device operating system and Applications to enhance protection against vulnerabilities.
QRISHING
In this type of phishing, a criminal uses QR codes as the delivery mechanisms to lure the victim into providing banking and personal information such as financial and personal data or downloading malicious content.
How it works:
The fraudster creates malicious QR codes and distributes them through e-mails, posters, flyers or other physical and digital media.
You scan the QR code with your smartphone or device, believing that it will lead you to a legitimate website.
The QR code redirects you to a malicious website that looks legitimate but is designed to steal banking and personal data like login credentials, banking information or payment details.
In some cases, scanning the QR code may initiate the download of malware or ransomware onto your device.
The fraudster may use this QR code to perform unauthorized actions, such as initiating payments, accessing your accounts or stealing your data.
How to stay safe:
Do not scan QR codes from untrusted sources.
Use QR scanner that provides the functionality to preview the URL before opening it and to potentially identify any malicious URLs.
