Phishing: The Baited Hook
In this lesson, let’s understand the following concepts
- How phishing scams work and why they’re effective
- Signs of a phishing email
- Practical steps to avoid falling victim to phishing scams
by considering the scenario described below.
Rahul recently received an email from his bank that looked urgent. It said his account was locked due to suspicious activity and asked him to click a link to verify his details. Worried about losing access to his account, Rahul almost clicked the link—but something didn’t feel right. Unsure about what to do, he asked Rohit for advice.
Understanding Phishing Scams
Rahul:
“Rohit, I got this email from my bank saying my account was locked and that I need to verify my details. The email looks real, but I’m not sure if I should click the link.”
Rohit:
“Good thing you paused, Rahul. That email sounds like a phishing scam. Phishing is a type of cyberattack where scammers impersonate trusted organizations, like banks, to trick people into sharing personal information—like passwords, account numbers, or credit card details.”
Rahul:
“So, if I had clicked the link and entered my details, the scammer could’ve stolen my information?”
Rohit:
“Exactly. The link would’ve likely taken you to a fake website designed to look like your bank’s login page. Once you enter your credentials, the attacker gets access to your account.”
How to Recognize a Phishing Email
Rohit:
“There are some common signs that an email is a phishing attempt. Here’s what to look out for:
- Urgent or Scary Language:
The email might say things like ‘Your account will be closed!’ or ‘Action required immediately!’ to make you act without thinking.
- Generic Greetings:
Instead of addressing you by name, phishing emails often use generic terms like ‘Dear Customer.’
- Suspicious Links:
Hover over the link without clicking—it might look like it leads to your bank but actually points to a completely different site.
- Grammar or Spelling Errors:
Legitimate companies rarely make mistakes in their emails. Errors can be a red flag.
- Unusual Sender Address:
The sender’s email address might look close to your bank’s, but there will often be slight changes, like support@bank-secure.net instead of support@yourbank.com.”
Rahul:
“I didn’t notice most of that! I just saw the email and panicked because it said my account was locked.”
Rohit:
“That’s what phishing relies on, Rahul—panic. Scammers want you to react without thinking critically.”
Steps to Avoid Falling for Phishing Scams
Rohit:
“Here’s what you can do to protect yourself from phishing scams:
- Pause and Think:
Don’t act immediately. Take a moment to verify the email’s authenticity.
- Never Click on Links in Emails:
Instead of clicking the link, go directly to your bank’s website by typing the address into your browser or using their official app.
- Verify the Sender:
Check the sender’s email address carefully. If it looks off, don’t trust it.
- Contact the Organization Directly:
Call or email your bank using their official contact information to confirm whether the email is legitimate.
- Enable Multi-Factor Authentication (MFA):
Even if your credentials are stolen, MFA adds an extra layer of protection, preventing unauthorized access to your accounts.”
How to Report Phishing Scams
Rohit:
“If you ever suspect a phishing attempt, here’s what you should do:
- Don’t Click or Respond:
Avoid interacting with the email or link.
- Report the Email:
  - Most banks and organizations have a dedicated email address to report phishing attempts. Forward the suspicious email to them.
  - Some countries have dedicated cybercrime cells within the police department. You can report phishing emails to them, and they will handle the issue. Check your country’s official cybercrime reporting platform for details.
- Delete the Email:
After reporting it, delete the email from your inbox and trash folder.
- Warn Others:
Share your experience with family or friends to help them stay alert.”
Takeaway: Think Before You Click
- Phishing scams are designed to trick you into sharing sensitive information by mimicking trusted organizations.
- Recognizing the signs of a phishing email, such as urgency, suspicious links, or sender addresses, can help you avoid falling victim.
- Always verify emails directly with the organization and never click on links or attachments from untrusted sources.
Rahul:
“Thanks, Rohit. I’m glad I didn’t click the link. I’ll be more cautious from now on and always verify emails before acting.”
Rohit:
“You’re on the right track, Rahul! Cybersecurity is all about staying aware and taking your time to think critically. The more careful you are, the safer your online experience will be.”
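The checklist Rohit gave (unusual sender address, urgent language, generic greeting, links whose visible text differs from where they really go) can be turned into a simple screening script. This is an added example, not part of the lesson; the bank domain yourbank.com, the keyword lists and the sample email are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "yourbank.com"  # assumption: the bank's real domain
URGENCY = ("action required", "immediately", "account will be closed", "locked", "suspended")
GENERIC = ("dear customer", "dear user", "dear valued")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
# Constructed sample resembling the email Rahul received; not a real message.
SAMPLE_EMAIL = """\
From: "YourBank Support" <support@bank-secure.net>
To: rahul@example.com
Subject: Action required immediately: your account is locked
Content-Type: text/html

<p>Dear Customer,</p>
<p>Suspicious activity was detected. Verify here:
<a href="http://yourbank.verify-login.net/a">https://www.yourbank.com/verify</a></p>
"""

def in_domain(host, domain):
    # True for the domain itself and its subdomains, false for lookalikes.
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, trusted_domain=TRUSTED_DOMAIN):
    """Return the red flags from the checklist found in one single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    lower = (msg.get("Subject", "") + " " + body).lower()
    flags = []
    # Unusual sender address: compare the real address, not the display name.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender, trusted_domain):
        flags.append(f"sender domain {sender!r} is not {trusted_domain}")
    if any(w in lower for w in URGENCY):
        flags.append("urgent or scary language")
    if any(g in lower for g in GENERIC):
        flags.append("generic greeting")
    # Suspicious links: check where each link really goes, and whether the
    # visible text shows a different address than the href (the "hover" test).
    for href, shown in ANCHOR.findall(body):
        host = (urlparse(href).hostname or "").lower()
        if not in_domain(host, trusted_domain):
            flags.append(f"link goes to {host!r}, not {trusted_domain}")
        shown_host = urlparse(shown.strip()).hostname if "://" in shown else None
        if shown_host and shown_host.lower() != host:
            flags.append(f"link text shows {shown_host!r} but target is {host!r}")
    return flags
```

Running phishing_signs(SAMPLE_EMAIL) reports five flags for the constructed message; a script like this supports the "pause and think" step but does not replace verifying with the bank directly.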