How to Detect a Phishing Email

Suspicious links. Avoid phishing scams
How to Detect a Phishing Email
4 min read
13 Apr 2023

“Dear Customer,
There were multiple attempts to log in to your BjajFinsrv account. For your security, we have blocked access to your online EMI Card account. To reactivate please visit https://bjajfnsrv.com/activate.”

Each day our inboxes are flooded with numerous such emails that indicate a sense of urgency. Many of these emails may look innocuous and quite a few come across as advertisements or offers from banks, insurance companies, and financial institutions that we deal with regularly. Most of these, unfortunately, are phishing attempts that put our finances at risk.

What is a Phishing Email?

Phishing is one of the most common types of cyber-crimes in India. It involves the use of genuine-looking advertisements or emails or even text messages to con you into divulging your personal or financial information.

Identifying Phishing Emails

  • Emails with genuine domain - One of the first things that will help you identify a phishing or malicious email is the domain from which it is sent. The use of misspelled domains or additional numbers in the domain should prompt you to be cautious
  • Generic mails - Most genuine companies reach out to their customers through emails. These emails, however, are specifically tailored to address your individual needs. They often address you by your first name and mention the last few digits of your account number. Generic salutations in emails from banks, insurance companies, and financial institutions that you don't usually deal with, could be phishing attempts
  • Unsolicited attachments – Email attachments are known to contain malwares that can read the user’s keystrokes or steal data. Stolen keystrokes maybe your bank password, PIN, credit card numbers, etc. Most legitimate banks, financial institutions, etc., do not force you to download e-mail attachments. Some genuine mailers could contain pictures or content about products as attachments, but these are usually visible for preview
  • Information disclosure – Financial institutions and banks NEVER prompt you to disclose account numbers, credit card numbers, usernames, passwords, or other valuable information through email. Any email that asks you for these details, could be a phishing attempt
  • Poor composition – Phishing emails are often poorly composed with incorrect spellings and inconsistent details. If you have doubts about the mail you just received, look up the address, contact details, website URL mentioned in it and check against the registered contact information
  • Always validate sender’s email address – Since only the name of the company is visible on mails received on mobile inboxes, it’s pertinent you scrutinise the sender’s email address before engaging with it. For example, if you receive a phishing mail in the name of Bajaj Finserv as “Bajaj Finserv Limited ”, the name of the company may be spelled correctly but the email address is wrong. Be wary of such email IDs/addresses before responding to them

What to do With Suspicious Emails

  • The best way to deal with suspicious emails is to delete without opening them
  • If you are unsure of an email’s validity and wish to read its contents, scan it carefully and look out for all the above-mentioned pointers
  • Do not download attachments without scanning them for possible malware
  • Never respond or reply to suspicious emails
  • Most email services such as Gmail provide you the option to block or report spam. Use these options judiciously
  • Flag or report the links inside your email that look suspicious. Google Chrome users can report such links here
  • If you receive a phishing email that looks like it came from a bank or an entity that you know or trust, report the email to the organisation

What to do if You’ve Taken the Bait

If you suspect that you have been phished, here are some things you must do –

  • Change passwords of the email account as well as your banking and financial accounts
  • Inform the credit card company or your bank and block your card to prevent further transactions
  • Report to the cybercrime portal or the cyber cell of your local police
  • Register an FIR at the nearest police station
  • For any such queries, visit https://www.bajajfinserv.in/reach-us

Most phishing attempts can be easily foiled with a little bit of caution. Your financial security is your responsibility.

Savdhaan Rahein. Safe Rahein.

Disclaimer

1. Bajaj Finance Limited (“BFL”) is a Non-Banking Finance Company (NBFC) and Prepaid Payment Instrument Issuer offering financial services viz., loans, deposits, Bajaj Pay Wallet, Bajaj Pay UPI, bill payments and third-party wealth management products. The details mentioned in the respective product/ service document shall prevail in case of any inconsistency with respect to the information referring to BFL products and services on this page.

2. All other information, such as, the images, facts, statistics etc. (“information”) that are in addition to the details mentioned in the BFL’s product/ service document and which are being displayed on this page only depicts the summary of the information sourced from the public domain. The said information is neither owned by BFL nor it is to the exclusive knowledge of BFL. There may be inadvertent inaccuracies or typographical errors or delays in updating the said information. Hence, users are advised to independently exercise diligence by verifying complete information, including by consulting experts, if any. Users shall be the sole owner of the decision taken, if any, about suitability of the same.