CALCULATOR

TD Rates

FIND US

HELP VIDEO

VISA OFFER

Beware of Phishing

What is phishing

Phishing is a type of internet fraud that aims to steal sensitive data such as your online banking account credentials, card details, account information, and personal data.

Scammers use fake emails and text messages to trick you into giving them your sensitive data. These fake emails and messages seem to come from a legitimate source and encourage you to provide sensitive data. Fraudsters use also voice phishing over phone calls (also known as Vishing) to commit these scams. Phishing is a form of criminally fraudulent social engineering attacks.

 

How To Recognize Phishing

Typically, phishing warns you of an urgent problem with your account and tricks you into providing sensitive information, clicking on a link that takes you to a fake website, or opening an attachment that contains a malicious code. Though scammers often deploy new tactics to keep up with the latest trends, there are common signs that you can notice to detect phishing:

  • Scammers may say they have noticed suspicious activity or login attempts on your bank account and urge you to update your password.
  • Scammers may tell you there is a problem with your shipment or payment and that you must update your credit card data.
  • Scammers may send a fake email that seems to be generated from one of the platforms or service providers you are subscribed to and claim that your subscription is expired and that you need to click on a hyperlink and enter your credit card details.
  • Scammers may attach fake invoices or account statements to convince you to open these attachments.
  • Scammers may offer free coupons to convince you to visit a fake website.

Scammers may call you pretending to be one of INVESTBANK’s Contact Center agents and request you to provide the OTP received by SMS. Scammers are using advanced techniques to show the true phone number of the call center on your phone's screen.

To do this, scammers may craft a fake email message and send it to you or send you SMS containing a link to an external website or an attachment. They may also try communicating with you over the phone or upload fake applications on app stores. Usually, scammers use a sense of urgency, fear, or curiosity to convince you to take an immediate action.

 

Types of phishing

Scammers may execute phishing attacks by several means. The following are the most prevalent types:

  • Email phishing
    This is the most common phishing technique, and scammers send fake emails to recipients. Most of these messages have an urgent note which requires the user to enter credentials to update account information, change details, or verify accounts. Sometimes, they may be asked to fill out a form to access a new service through a link provided in the email. The attackers may also attach a file claiming to be an account statement
  • Vishing (Voice Phishing)
    In this type, the phisher calls the user and asks them to dial a number or provide sensitive information, such as the account's password or an OTP. Vishing is mostly done with a fake caller ID.
  • Smishing (SMS Phishing)
    Phishing is conducted via Short Message Service (SMS). A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.

 

How To Protect Yourself From Phishing Attacks

We provide you with the following tips to protect yourself from phishing attacks:

Generic controls

  • Generally, never give out personal or sensitive information, even to people pretending to be from INVESTBANK.
  • Before you click, ensure that the received message makes sense to you. If you are not used to receiving email communications from INVESTBANK, for example, receiving one is unusual and should alert you about suspicious messages.
  • Keep your devices and browsers up-to-date, and install the security patches as soon as they are released.
  • Verify a site's security. Before submitting any information, ensure the site's URL begins with "HTTPS", and there are no signs of security warnings.
  • Check your online accounts regularly. Review your account and card statements regularly and check every entry carefully to ensure no fraudulent transactions have been made without your knowledge.
  • Use antivirus software to detect and block malicious files downloaded from phishing emails. Scan the attachments in emails before opening them.

Phishing emails

  • Notice the sender's email and ensure it comes from a legitimate domain name. Criminals usually use a free email service to communicate with you.
  • In the emails you receive, be on the lookout for:
    • Spelling mistakes, incorrect grammar, or odd phrasing
    • Poor design
    • Distorted or stretched logo
    • Generic greetings or signatures 
    • Urgent language
    • Un-personalized salutations such as "Dear user".
    • The link in the email doesn't match the URL of the legitimate site.

Vishing (Voice Phishing).

  • Don't respond to unknown numbers.
  • Verify the identity of the caller. Challenge them to identify their identity.
  • Don't give personal or sensitive data over phone calls.

Smishing (SMS Phishing)

  • Don't respond to unknown numbers over SMS or any other messaging application.
  • Don't click on hyperlinks inside SMS or any other messaging application.
  • Don't give personal or sensitive data through SMS or any other messaging application.

For any inquiries or to report suspicious fraudulent attempts please call our Contact Center.

Related Content

Social Engineering