“If you do not provide your personal data by the end of the week, your account will be blocked.” – If you receive a message like this, you’d think twice before updating your information. Read the URL (web address) carefully and see if it is from the right service provider.

Cybersecurity experts have found a sustained phishing campaign on the computer networks of Indian businesses to steal financial information. 

Phishing, or a website that mimics a popular or reliable website, is one of the oldest techniques employed by hackers. 

Fraudulent resources

‘Financial phishing’ is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. Payment system phishing includes pages impersonating well-known payment brands.

While phishing persuades the users to take action, giving the hacker access to your device, accounts, or personal information.

“There were about 75,000 financial phishing attempts where hackers prompt users to click phishing links that are related to financial matters with connections to e-commerce, banking, and payment systems,” a Kaspersky study said.

“By pretending to be a person or organisation the users trust, they can more easily infect the victim with malware or steal their information,” it said.

“Financial phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organisations. The notification will try to encourage a recipient, for one reason or another, to urgently take action and update their personal information,” it said.

Personal data

The scammers usually use the fear technique to convince the users to share their confidential financial and personal data by providing a seemingly important reason. Such messages usually contain threats to block an account if a recipient does not fulfill the requirements therein. 

“These kinds of messages generally push the recipients to act and should be considered as a red flag before taking any action,” Jaydeep Singh, General Manager for South Asia at Kaspersky, said.

From January to December last year, Kaspersky solutions detected and blocked a total of 74,994 financial phishing attempts targeting companies of various sizes within India. The statistics reflect clicks on phishing links placed in various communication channels, including emails, fraudulent web sites, messengers, and social media.

“With the rise of generative AI, it becomes easier for cybercriminals to create more convincing phishing messages, making financial phishing more prevalent. Threat groups also use these tactics to deceive employees and then crack into the corporate networks,” he said.

“Our recent study even showed 1 in 4 (25%) cyber-incidents against businesses in India were due to employees intentionally violating security protocol. Tools to help safeguard against human error are a vital step forward, but they can’t exclude employee education, skills development, and overall strengthening of the company’s ability to detect and respond to cyberattacks,” he said.