Types of Phishing Scams

With the advancement of technology, the cases of fraud increased especially on the internet. Some people utilize the online platforms in committing internet fraud that covers a range of illegal and illicit actions that are committed in cyberspace. Internet fraud includes automotive fraud, charity fraud, gambling fraud or social media fraud. They will ask the victim for personal information or money even steal the victim’s identities.


Email phishing scams

Email phishing scam is a fraudulent email message that appears purposely target to companies and individuals. Phishing is a technique that hackers con the victims into providing their account data or steal personal information. There is a link in the email which will take the recipients to a page to confirm the private data. If you provide your data to the sender, hackers will install malware into your system to steal more sensitive data. Cyber criminals via emails designed to look like they are from professional industries such as banks, organizations and government agencies.

Fraud example
Credits: maybank2u.com


Tips to recognize malware email:

1. Sender’s email address

You must know that no organization will send you by using a public internet account such as Gmail, Yahoo! and Hotmail. Every company should have their own email domain or company account. You can type the company’s name into a search engine to search or verified their domain name.

2. Organization usually call you by name

Organizations will send personalized messages to their customers. In the emails, company that you usually deal with will call you by name or call you directly. They already have your personal information. Besides, if an email with generic salutations such as “Dear customer”, you should be careful.

3. Typo or grammatical mistakes

An email from a legitimate organization should be written professionally.

If the email is full of spelling or grammatical errors, probably someone uses an online translation service to translate the mail. You are able to identify that the email has been sent by cyber criminals.

fraud exxample
Credit: blackridertips


Vishing Scams (Voice Phishing)

This can be one of the technological-based criminal scams, a form of criminal phone fraud happened around the world. Vishing scams rely on social engineering over telephone system to steal personal data from victim. The the scam attempt is the same whereby vishers try to convince the victim to give up social security numbers, credit cards security codes, account PIN numbers, and other personal details. This is dangerous as a user because you don’t know what the other person will do to your account. Criminals can use the information for identity fraud or steal large amount money from the account directly.

For example, someones targets to your bank account might give you a call. They claiming that its is a call from a bank and said there is some problem with the user’s bank account. They will ask you to provide private data to address the problem.  The visher makes the potential victim panic and afraid so that they can deceive them easily. On the other hand, it can be a call telling you that you’ve won a big prize such as a New Zealand vacation. Normally, they ask you to give your credit card number over the phone or need to pay a redemption fee to claim the prize.

Common types of vishing:

  • Offer credit services and loans
  • Prize or contest winning
  • Fake government agencies (admit as PDRM, Bank Negara)
Anatomy of vishing attack
Credit: biocatch


Tips to protect yourself against vishing scams:

1. Never answer a call from an unknown number

Answering calls from unknown numbers could lead you into a scammer’s waiting arms. Picking up the class will only show that the number is active and lead to more call-in future. Rather than picking up the calls, you can let the call go to voice mail. If it is an important matter, the person or organization will always leave a voicemail or call back later.

2. Never give personal information if you answered the call

Do remember that government institutions or banks should never ask for personal information over the phone. You should hang up the calls and look for the number of the company on their website. If the numbers provided by the caller differs, you should call the original caller to verify the identity.

3. Caller ID may help

Apple and Google operating system can handle most spam calls effectively to ensure users privacy.  Many voices over internet protocol (VoIP) options available enables.

scammer to hide their identities and their calls are not traceable. Although a caller ID app can detect and block spam calls, it is not 100% trusted. Better not to answer calls from numbers that is suspicious and not in your phone book.


Pop-up warning scams

Probably most people have experienced a pop-window appears on the screen claiming that there is a virus attack while surfing on the smartphone. Mobile phone users are required to call a tech support number as the pop-up claim that the phone has been hacked. That is a fake virus alerts that commonly circulating the iOS and Android users. Fraudulent companies use fake pop-up warnings claiming that your laptop is infected with virus. The purpose is to extort the victim to gain money and install malware to access personal information.

pop up scam
Credits: mumcentral.com

                     Fake                                              Real

Credit: mumcentral.comIt is certainly unable to differentiate the fake pop-up and the official pop-up over Apple ID. The fake pop-up works by hiding malicious ID login within apps, it will pop-up with any open apps and require users to enter their passwords. However, users never expected their personal account details could end up in the hackers hands.

In order to avoid more victims in iTunes pop-up issue, users can hit the home button to analyze whether it is a system dialog or phishing attack.

Phishing attack: It closes the app, and with it the dialog,

System Dialog: The dialog and the app are still visible.

Do remember that don’t simply enter any personal information or password into a pop-up. You can dismiss it and open to settings manually to avoid the scam.

Fix it with a simple steps:

  • On Chrome, head to Settings > Site (or Content) Settings > Pop-ups and redirects to block these.
  • On Safari, head to iOS Settings > Safari and toggle on Block Pop-ups and Fraudulent Website Warning.