Every day, your mailbox is flooded with numerous emails—personal mails, subscription mails and junk mails. While the spam filter takes care of most of the unwanted junk, there are a few which make it to your inbox. According to the latest report by global security solutions provider Symantec Corp., India generates the maximum number of spams and phishing mails among Asian countries. Phishing mails take you to fraudulent websites. While the easiest way to deal with these emails is to simply ignore, there are a few that will deceive you, entice you, even humour you, and if you bite the bait, ultimately make you a fraud victim or worse, even a criminal. Himanshu Srivastava, vice-president-strategy, Techprocess Solutions Ltd, a company that provides technology and online payment services to businesses, says, “There are basically two types of frauds. The technology-enabled and the social engineering frauds. Social engineering is a type of fraud where people are manipulated into divulging confidential information rather than by breaking in or using technical hacking techniques. Around 99% cases of frauds occur by the social engineering route. Lack of awareness is one of the prime reason.”
Four kinds of emails to ignore.
Click on this link or lose your account
These work on creating panic in your mind and pushing you into hitting the click button on a link in an email that will take you to a fraud site. Phishing mails ask you to provide personal information. Like the mail that many people got that claimed that the income-tax department wanted to give a tax refund and asked for personal information along with bank and credit card details. This is a typical example of a phishing mail. Says Srivastava, “Phishing emails look and feel very convincing as if your bank has sent you an email. Usually the emails say ‘if you don’t update your personal details within 24 hours, your account will be deactivated.’” You think that the bank is updating details and all you need to do is click that link and fill some details. But do that and you are in trouble. The click will take you to a page that looks like your bank’s website, it is actually the fraudster’s site. You are asked to fill details such as bank account, credit card details, personal identification numbers (PINs) and passwords. You’ve just handed over your credit card and all the money in your net-banking account to a cheat. Worse, loans can be taken in your name among a whole set of illegal transactions that are possible. Get ready for hours lost in regaining your financial life. In fact, the income-tax department had to put an alert notice on its website: “The income-tax department does not send emails regarding refunds and does not seek any information regarding credit cards of taxpayers. And people should not respond to such emails.” If you got such a mail send it to firstname.lastname@example.org. in. Phishing mails not linked to income-tax can be sent to email@example.com
Illustration: Shyamal Banerjee/Mint
You’ve just won £50,000
Give in to greed on the net and you will suffer. These fraud emails say that well-known multinational companies gives millions of dollars or pounds as cash via a lottery. For instance, an email which a co-worker at Mint received stated that she had won prize money of £1.5 million in an online lottery. According to the email, the company selects a few lucky people every month as their winners through electronic balloting system without the winner applying. To claim the money she needed to provide all her personal details. Respond to such offer and you will have them asking for a hefty sum (which actually looks like peanuts in front of the winning amount) to take care of taxes and handling charges so that the winning amount could be transferred to your account. Mayur Joshi, CEO, Indiaforensic.com, a financial fraud investigation company, says, “Generally, these emails have African origin, usually, Nigeria. Initially, once you paid the handling charges, the fraudster used to vanish with the money. But now they have evolved and there have been cases where the Nigerian fraudster, along with a local accomplice, visits your house, with a metal box containing the sample notes of your win. To open the password-protected box, you have to pay another fee. Inside, the box are chemically treated notes which can be made into normal notes using a chemical the fraudster provides. Another fee here. Once you do that, the notes can easily be exchanged, since these are genuine notes. To get the whole winning money, you are asked to pay more fees at every stage.” This absurd cycle continues for around four months and you have already lost around Rs1 lakh in the process. Joshi further adds: “The Pune police has a case where a certain individual paid as much as Rs27 lakh to claim an email lottery of a few crore rupees.” One must realize, that these activities are illegal and not permitted by law. In fact, the Reserve Bank of India (RBI) has clarified that remittance in any form towards participation in lottery schemes is prohibited under the Foreign Exchange Management Act, 1999.
The audacity of fraudsters has reached such levels that they even issue fraud letter in the apex bank’s name. RBI has stated on its website: “The fraudsters have now resorted to issuing certificates, letters, circulars on letterhead that looks like that of the Reserve Bank of India’s and purportedly signed by its executives/senior officials to make such offers look genuine. The fraudsters also convince the victims by impersonating as senior officials of the bank with telephone numbers and/or fictitious email IDs. Many fraudsters have even opened accounts with banks in India and advised public to deposit money in these accounts towards various charges, taxes, duties, etc. Once the money is deposited in their account, people mailing such offers withdraw the money and then vanish. The victim thus loses the money already paid.”
I need help from a repressive regime
Then there are request for help emails that beseech for help in someway and in return promises to give you a small commission or a reward. Usually, the fraudster claims to have access to several million dollars and wants you to help him or her take this money out of his country. All they need for you to do is send your bank account information and some advance fee to pay for the cost of the transfer of funds. But the enormous reward in foreign currency never arrives. Another version is when you inadvertently open a fraudsters email. That way they get access to all you contacts in your email account.
Joshi says, “The fraudster sends an email to all your contacts stating that you or your relative is travelling abroad and lost all money in travel, and they (your contacts) should make a small fund transfer in the account number provided in the email.” Fall for such cry for help and you could very well lose money.
Read this emergency drill mail, while I infect your computer
The last type of emails are the ones that pass on misleading information.
An email, that’s been doing the rounds for last one year or so is the one that tells you how you can alert the police using the automated teller machine (ATM) in case a thief enters while you are using the machine. According to the email, if your ATM PIN is 1234 and you punch it in reverse, that is 4321, an alarm alerts the nearest police station and help will be on its way. K.V.S. Manian, group head—consumer banking, Kotak Mahindra Bank Ltd, says, “All such emails are humbug and customers must ignore them. In fact, when banks have any facility, they always communicate to the customers using various modes. They don’t need such email forwards to communicate.” As harmless as these emails may seem, what they do is give misleading information. And as a matter of principle, they should not be forwarded. Not to mention that such emails could be full of viruses and your system could be infected with spyware, a software that allows someone else to read data on your machine and control it. No prize for guessing what happens next.