Phishing : Why Do People Fall Victim to Phishing?
Phishing is one of the most common and effective techniques used by cybercriminals. Every year, millions of people fall into this trap and lose their personal, financial, and sensitive information. The question arises: why do people fall victim to phishing? In this blog, we will discuss the main reasons why people fall prey to phishing attacks.
Psychological Manipulation
Cyber criminals deeply study human psychology and take advantage of emotions like fear, greed, curiosity, and empathy.
Fear and Urgency
Criminals send emails or messages saying that your bank account is about to be closed, or that legal action has been initiated against you. Example: A person received an email from the bank saying that their account was about to be closed, and they needed to log in immediately. When they logged in, all their information was stolen, and cyber criminals made withdrawals from the accounts.
Often, criminals create pressure by giving false accusations, incorrect information, or fake news, such as a family member's accident, bank account closure notice, or legal threats. People share their information without thinking due to fear. Example: "Your son has had an accident, send money immediately."
Other examples:
A Goa employee was cheated of 9.32 million rupees via WhatsApp. The victim received messages from a number with the chairman's name and photo.
A tech employee in Bengaluru was scammed of 110 million rupees by criminals posing as customs and ED officers. The accused obtained the victim's Aadhaar, PAN, and KYC details by threatening arrest for money laundering.
A businesswoman in Hyderabad was defrauded of 36 million rupees in a 'Digi Arrest' scam. The criminals, posing as police officers, threatened her with money laundering and smuggling charges. They asked her to hide in a hotel, where she stayed alone for two days.
Greed and Fake Rewards
Messages like "You have won the lottery" or "You are getting a huge discount" tempt people to share their sensitive information.Example: In 2020, someone received a fake email saying "You have won the lottery" and was asked to share their bank details.
Other Examples:
In Hamirpur (HP), a retired officer lost 8.2 million INR in an online share trading scam. Cybercriminals tricked him through Facebook links and WhatsApp groups, promising a 1,200% return on investment.
Curiosity and Attractive Offers
People are lured into clicking on unknown links, such as "See who has stolen your photos!" or "Your account has been hacked, check immediately!" Example: A woman received a message saying "Your account has been hacked, check immediately!" and when she clicked the link, her information was stolen.
Other Examples: In a phishing attack, personal data of 92,554 Transak (fiat-to-crypto payment gateway) users was leaked. The hacker accessed a KYC vendor's system by hacking into an employee's laptop.
Lack of Technical Awareness
Many people are still unaware of the basic principles of cyber security, making them easy targets for phishing attacks.
Not knowing the difference between real and fake emails: People don’t know how to examine email headers and URLs.
Unable to identify spoofing and cloned websites: Criminals create fake websites that look exactly like real ones to steal login information.
Not understanding the difference between HTTPS and HTTP: Many people don’t know that secure websites use HTTPS.
Haste and Carelessness
Busy lifestyles cause people to open emails or messages without checking.
Inability to differentiate between genuine messages from companies and phishing messages.
Not paying attention to the URL before clicking on a link.
Exploiting Trust
Cybercriminals deceive people by imitating trusted institutions and familiar individuals.
Imitating banks, governments, and well-known companies: Criminals send fake emails in the name of banks and companies.
Using social engineering: Phishers often imitate friends, family, or colleagues to request sensitive information.
Multitasking and Distraction
When people are doing multiple tasks on their mobile phones, they don’t carefully check phishing emails or messages.
In a hurry, they share sensitive information or click on fake links.
Lack of Updated Security Measures
Using outdated antivirus software or security patches makes it difficult to prevent phishing attacks.
Not using two-factor authentication (2FA) makes accounts easily hackable.
Excessive Use of Social Media
Cybercriminals gather personal information from social media to send more believable phishing emails.
People easily fall into traps like "Click this link to see who viewed your profile."
Awareness and Participation
This blog has provided valuable information about cybersecurity, but it is equally important to recognize your responsibility. Stay vigilant to protect yourself, your family, friends, and your social circle from cyberattacks and cybercrimes. Share this blog with your friends, family, and community to spread awareness. Regularly update yourself on cybersecurity information and make others aware of it. Let’s work together to create a secure digital India.
Phishing is not just a technical problem but a strategy that cybercriminals use to exploit psychological and social weaknesses. People fall for phishing scams because they get carried away by fear, greed, curiosity, or lack of attention. A lack of technical awareness and digital security measures also makes it easier for criminals.
To prevent this, we need to adopt vigilance, cyber security awareness, and technical measures. In the next blog, we will discuss how to avoid phishing and where to report such cases.
Call to Action:
Contributors:
Authors: Gagan Deep & Saminder Kaur