Don’t take the bait: Phishing, vishing and smishing scams on the rise
Info Nuggets
Unlock Exclusive Insights with The Tribune Premium
Take your experience further with Premium access. Thought-provoking Opinions, Expert Analysis, In-depth Insights and other Member Only Benefits
Advertisement
| Term | Medium used | Method | Example |
| Phishing | Email or fake websites | Fraudulent messages mimic legitimate organisations to steal data like passwords, bank details | You receive an email appearing from a bank asking to "verify" account details through a fake login page |
| Vishing (Voice Phishing) | Phone calls | Imposter calls pretending to be from banks, govt., police, etc., to trick victims into revealing confidential information | Fraudster calls claiming to be an RBI officer verifying your account |
| Smishing (SMS Phishing) | Text messages | Fake SMS with malicious links or urgent requests to lure victims | SMS saying “Your account will be blocked — click here to update KYC” |
- Phishing
- Relies on social engineering and digital deception
- Common forms: Email phishing, spear phishing (targeted), whaling (targeting VIPs), clone phishing
- Often uses urgency (“account suspended”) or rewards (“you won a prize”) to make victim act quickly
- Risk: Financial theft, identity theft, ransomware infection
- Vishing
- Combines voice communication with fraud
- Uses caller ID spoofing to appear from genuine numbers
- Often plays on fear or authority (tax notices, police cases, loan defaults)
- Scammers may record calls for misuse of voice samples
- Smishing
- Uses SMS/instant messaging (like WhatsApp)
- Often contains short URLs to hide malicious sites
- Exploits trust in mobile communication
- Common during bank KYC updates, festival offers, or disaster relief scams
How to protect ourselves
Advertisement
- Awareness & verification
- Never click on suspicious links or attachments in emails/SMS
- Verify the sender independently (call bank/govt. helpline directly)
- Cross-check website URLs for spelling errors and HTTPS
- Technical safeguards
- Use spam filters, antivirus, and updated software
- Enable two-factor authentication (2FA) for important accounts
- Avoid using public Wi-Fi for financial transactions
- Behavioural practices
- Never share OTPs, passwords, or PINs over calls/SMS
- Ignore calls requesting urgent payments or personal data
- For organisations
- Employee cybersecurity training
- Incident reporting mechanisms
- Email authentication protocols like SPF, DKIM, and DMARC
Report phishing attempts to:
- Indian Cyber Crime Portal: cybercrime.gov.in
- Helpline number: 1930
- CERT-In (Indian Computer Emergency Response Team)
Civil Services Exam relevance
Prelims: Can be asked as MCQs — e.g., “Which of the following is NOT a form of phishing?”
Mains (GS-III: Internal Security):
Advertisement
- Explain with examples in context of cybercrime trends in India.
- Link with initiatives like the National Cyber Crime Reporting Portal and Digital India cybersecurity frameworks.
Advertisement
Advertisement