Recently, Swiggy has launched ‘Swiggy Go’, its pickup and drop service to send packages anywhere in the city. Bengaluru has become the first city to experience world class experience of its services. The company has planned to expand its services over 300 cities.
The service made it to the news within a week of its launch and it was not for any good reasons. An unfortunate event came to light when a woman filed a complaint in the Baiyappanahalli police station under the IT Act. As per the complaint, the woman was the victim of a vishing attack.
How did the woman became the victim of the vishing attack?
The victim decided to sell her phone online on the OLX website. Soon, she found a prospective buyer who was ready to buy phone from her online. The buyer promised to pay the money for the phone online, however, it could not be delivered to the buyer. The delivery address was incomplete, and she had placed the order with her son’s mobile number. It was found that when another Swiggy executive tried to contact her on her son’s phone number, it was not reachable.
To resolve this situation, the victim tried finding Swiggy Go customer care number on the internet and when she placed the call, the person on the other end asked her to place another order by paying Rs 3 via a link sent to him. As soon as she clicked on the link, she was asked to provided her bank details which also included the UPI PIN that too to five different numbers.
After certain time, she received a message from her bank informing her that her account has been debited with Rs. 95000 and when she made the call the apparent Swiggy Go helpline, the provided number was not reachable.
How can we prevent ourselves from vishing attacks?
- Never provide your sensitive, confidential and personally identifiable information over a phone call since you can never confirm the identity of the person on the other end.
- Do not oblige to requests that ask you to change logins, passwords or network settings over phone calls.
- No bank or financial organization will ask for confidential information such as your OTP, PIN or account details over the phone.
Cyber attackers are social engineers and they are experts at manipulating people. Therefore, it is important to know about the tactics that are used by social engineers to manipulate people. Kratikal’s flagship product ThreatCop helps in creating awareness and training about various cyber threats.
This involves a four-step cycle including simulated cyber-attacks that are based on real life cyber threats, awareness that helps in learning about the various methodologies of cyber attacks and assessment that helps in retaining the acquired knowledge about such threats. This is done with the help of questionnaires.
With the increasing sophistication in the social engineering techniques, cyber attacks are becoming more advanced. Therefore, it is important to prepare yourself against such threats with periodic awareness training over regular intervals.