The Amazon Phish: Beware of Online Frauds
With the recent Demonetisation, many of us have shifted to the cashless economy, relying more on plastic cards, E Wallets, online payments, and online shopping. These are all going to impact the Indian economy in a major way. I am not going to argue whether the Govt's move is right or wrong. Time will tell us pretty soon.
What stares at me and worries me most is the growth of online frauds. In 2016, the UK lost 10.9 Billion Pounds. According to Symantec, India lost USD 4 billion in a year between Aug 2012 and July 2013. Today that figure could be even higher.
Last week my sister got a shock when she received a mail which looked exactly like the mails you get from Amazon when you shop online on the Amazon website. It informed her that she had ordered an item for 150 Pounds (nearly 13,000 rupees) and that it would be delivered within one working day to someone in the UK. To a casual reader, the mail had a typical Amazon mail id. It further stated that in case the order had NOT been placed by her, she had to click a link “http:/www.amazonrefund.co.uk/cancelorder/server/amz/security/”, which would give her a full refund. She did panic, and called me. For a moment I thought she had been defrauded. When I looked at the mail she forwarded to me, I immediately recognized it was a PHISH.
When any of us gets such a mail, we panic and click the link. And that is exactly what the fraudsters want us to do. When we click such links, we are taken to a duplicate site that looks like Amazon. We are asked to enter our login ID and password to resolve our issue or process refunds. The fraudsters, now having our credentials, then log in to our account and shop using the cards we have saved online, or use cards which have been stolen from others.
How do we detect a Fraud Phishing Mail? Whenever you get such a mail, you can tell whether it is a fraud or phishing mail by looking under the bonnet. At the outset, all you need to do is check the mail id. In this case, though the Sender's Name was “Support.firstname.lastname@example.org”, the mail id showed it was from email@example.com. This is the first giveaway. Why would an Amazon mail id end with @freenet.carleton.ca? It should ideally end with @amazon.com.
Next, place your cursor on the link they have provided to resolve the issue. When you place the cursor on it without clicking, the actual destination link is displayed in the bottom-left corner. In this case the link text said “http:/www.amazon-refund.co.uk/cancelorder/server/amz/security/”, but the site it was taking us to was displayed as http://jhgfrdt5rfgf5rf.selfip.org/onlineamz-suppot/account/. Again, why would the site NOT show Amazon.com? These two are the typical signs of a phishing mail that needs to be deleted forthwith.
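The two checks described above (the sender's real domain, and the link text versus the real destination) can be automated; the following Python sketch is an added example, not part of the original post. The message is a constructed sample that reuses the domain and URLs quoted in the post; the display name, the local part of the address and the TRUSTED list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("amazon.com",)  # assumption: domains you expect the brand to use

# Constructed sample: display name and local part are placeholders; the
# sender domain and both URLs are the ones quoted in the post.
SAMPLE = '''From: "Amazon Support" <someone@freenet.carleton.ca>
Content-Type: text/html

<a href="http://jhgfrdt5rfgf5rf.selfip.org/onlineamz-suppot/account/">http:/www.amazon-refund.co.uk/cancelorder/server/amz/security/</a>
'''

def trusted(host):  # exact match or real subdomain; "notamazon.com" fails
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def shown_host(text):  # host visible in the link text; tolerates "http:/"
    m = re.match(r"\s*(?:https?:/+)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
    return m.group(1).lower() if m else None

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_mail(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = [] if trusted(domain) else [f"sender domain {domain} is not trusted"]
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        real, shown = urlsplit(href).hostname, shown_host(text)
        if real and (not trusted(real) or (shown and shown != real)):
            findings.append(f"link labelled {shown or text!r} opens {real}")
    return findings
```

Calling check_mail(SAMPLE) returns one finding for the sender domain and one for the link; a mail sent from the trusted domain whose links point to that same domain returns an empty list.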
More Kinds of Frauds? You may get fraud mails that look as if they have arrived from the IT Department, especially during the IT refund season. In all earnestness you may think it is from the Govt IT Department and provide your details; some even ask for banking details to process refunds. Then there are mails announcing that you are a lottery winner or have won a free recharge for your mobile. There are now new ways of putting Trojans on your mobile phone by circulating links that offer free calls, or new updates to WhatsApp which will turn it green or blue, etc. Kindly delete these links the moment they come. Do NOT click on them. Do NOT forward them in any groups.
What should you do? In case for some reason you have clicked these links earlier, I would suggest formatting your mobile phone/laptop. Next, change all your banking passwords once a month. In case you are like me and always forget passwords, make them easy-to-remember sentences. For example, one possible password which you can never forget could be MfCniSbi2002@B. What is this??? It is made from the first letters of the words in the sentence “My first Child’s name is Shankar born in 2002 at Bangalore”, with “at” written as @. The password should be more than 8 characters long and have capital and small letters, numbers and special characters.
What More should you do? Never store your card details online, even though it is convenient. Always do your online shopping from a computer that is never used to visit any unauthorized sites or for surfing. Ensure you buy an original operating system that gets regular updates for your computer. Also install a good antivirus like McAfee, Kaspersky or Norton. Always renew it on time. Do NOT go for any FREE pirated software, because there are NO free lunches in this world, unless you are a computer geek and wizard and you know how to crack the software codes.
Card Verification. Ensure you use a card that has a Grid system on the back for verification. Or else opt in for Two Factor authentication using a One Time Pin (OTP) on your mobile. Visa cards come with an extra layer of security, VerifiedByVisa, which is an online password verification. Mastercard too has something similar. NEVER share your PIN and password with anyone, especially on the phone. NO bank ever asks you for it. If someone claims to be from the Bank and asks for it, rest assured the person is NOT from the Bank.
E Wallets. E Wallets like Paytm have become essential today as there is no ready cash or change available. Keep very little money in your E Wallet. Load it just before you go out to shop. You may use the Govt App BHIM instead.
Two Bank Accounts. Some intelligent people have two bank accounts. They put their life savings in one. They load the other regularly with minimal amounts and use the credit and debit cards linked to this second account. Should an online fraud take place, they do not lose much money.
Times are changing and we have to change with time. You have to be part of the internet revolution. At least after the DeMonetisation, you are forced to be.
On this New Year, Wishing you to Stay Safe, Secure and Never Sorry in the online world.