DENY ATTACKERS THEIR WISH, SQUISH THAT PHISH!

1. Creating a sense of urgency, which pressurizes the victim to click on the link or open the attachment due to a perceived impending deadline

2. Posing as a senior official of the organization in an attempt to lower the victim's guard and make them more compliant

3. Luring the victim with a promise of significant benefits such as rewards, profits, amazing discounts or memberships

4. Creating a perceived threat that ignoring the email SMS or delaying its recommended action will cause great financial loss or grievous damage to the victim or their organization

5. Spearphishing - Attackers perform social engineering to create convincing themes to target specific officials based on their google searches, cookies and social media posts. e.g. an amazing offer on mobile phone for someone searching for a new phone, a vacation deal or school admission for someone with the same in their search history
Using current developments and imposing themes as topics for their campaigns eg. COVID-19 themes such as new cure, new variant, or Income tax related themes in tax-filing season

Most 5 Common Phishing Tactics – Bank’s Advice & How to Protect Yourself from Phishing Attacks

In today’s digital world, cybercriminals use increasingly clever tricks to steal sensitive information such as bank login details, card numbers, and OTPs. Phishing remains one of the most common and dangerous methods. Understanding how phishing works—and how banks advise customers to stay safe—is the best defence.

Below are the top 5 most common phishing tactics, along with actionable tips from banks on how to prevent becoming a victim.

1. Fake Emails & SMS Pretending to Be Your Bank

Phishers send emails or SMS messages that look identical to real bank communication. These messages often include:

• Urgent warnings like “Your account will be blocked!”

• Fake links asking you to update KYC or verify your account

• Attachments containing malware

Bank’s Advice

✔ Banks never ask for passwords, PIN, CVV, or OTP through email or SMS.
✔ Always check the sender’s real email address or phone number.
✔ Do not click suspicious links—visit the bank’s official website directly.

2. Fake Websites That Look Real

Cybercriminals create websites that look exactly like real banking portals. When you enter your login details, they capture it instantly.

These sites often come through:

• Links received via SMS/WhatsApp

• Fake Google Ads

• Search results that are manipulated

Bank’s Advice

✔ Always type your bank’s website URL manually.
✔ Look for https:// and the padlock icon, but also verify the domain spelling (e.g., hdfcbakn.com is fake).
✔ Bookmark your bank’s official login page.

3. Voice Phishing (Vishing) Calls

Fraudsters call pretending to be:

• Bank staff

• RBI / police

• Credit card departments

• Loan / reward departments

They create urgency and ask for OTP, PIN, CVV, or ask you to install apps that give them remote access.

Bank’s Advice

✔ Banks never ask for confidential information on calls.
✔ Hang up immediately if someone asks for OTP or card details.
✔ Do not install screen-sharing apps like AnyDesk or QuickSupport when someone asks you to.

4. Social Media Phishing

Fake social media accounts impersonate customer care teams. When customers post complaints online, scammers message them directly offering “help.”

They send phishing links or ask the user to share personal details.

Bank’s Advice

✔ Verified customer care pages have a blue tick.
✔ Banks will never send you links in private messages for verification.
✔ Avoid posting personal details publicly on social platforms.

5. Fake Lottery, Reward, & KYC Update Scams

Scammers claim:

• “You have won a reward!”

• “Your KYC is expired—update immediately.”

• “Your card/account will be blocked today.”

The goal is to create panic or excitement so you click quickly without thinking.

Bank’s Advice

✔ Banks do not offer cash rewards through links.
✔ KYC updates are done only through the bank branch or official banking apps.
✔ Never trust urgent messages forcing immediate action.

How to Protect Yourself – Simple & Effective Security Tips

1. Never Share Your Banking Information

Your bank will never ask for:

• PIN

• Password

• CVV

• OTP

• Net banking credentials

2. Enable Multi-Factor Authentication (MFA)

Use biometric or app-based authentication for better safety.

3. Keep Your Mobile & Banking Apps Updated

Updates patch security holes that hackers exploit.

4. Use Strong, Unique Passwords

Avoid using the same password for banking and other websites.

5. Monitor Your Account Regularly

Set SMS/email alerts for transactions to detect fraud instantly.

6. Avoid Public Wi-Fi for Banking

Public networks can be easily intercepted.

7. Report Suspicious Activity Immediately

If you suspect fraud:

• Call your bank’s official helpline

• Block your card/account

• File a cybercrime report at https://cybercrime.gov.in

Final Note

Phishing attacks succeed because they look real and create urgency. Staying alert, verifying before acting, and following your bank’s official security guidelines will protect your money and identity. Awareness is your strongest defence.