A practical encounter with fraud, and how being vigilant helped to stop it from happening...
Last week, while I was engrossed in work, I got a new friend request from an old colleague on Facebook. I was happy that he remembered me after a long time – I accepted the friend request. Soon after, he pinged me. I took some time to complete my work and then thought of having a conversation with him. So, I messaged back and the chat began.
Hardly 2 minutes into the chat, he asked for a favour. He requested me to transfer some amount through GPay to a phone number of his friend, since he himself was in the US, mentioning that it was urgent. At this point I felt a little suspicious – why, after years of no contact, would someone suddenly send a friend request and ask for a favour? I was doubtful, so I asked him a few questions about the need. I observed that his way of messaging did not match his way of speaking at all, plus the English was poor. My suspicion increased – I feel this is a result of the practice of vigilance inculcated through multiple security trainings at my organization – I observed two things here: a sense of urgency (emotional motivator) and incorrect language, some of the pointers usually related to phishing. To confirm, I checked and found that there was already an account with the same name in my friend list. Now, I was pretty sure that it was a case of pretexting. To confirm further, I replied to the person that the payment had failed due to some error. And guess what – (s)he asked me to send the screenshot as proof! I was 100% sure now that it was an attempt at fraud.
My immediate next step was to inform my colleague about this. Here comes the other pointer from security trainings – when in doubt, contact the sender through a different communication channel. I did so – I found out his number from other colleagues and then informed him about it. He was grateful, and within the next half an hour the forged account no longer existed.
Being vigilant helped me detect a fraud and not fall prey to it. It sometimes becomes overwhelming to go through such security-related trainings and tests (mock phishing) every few weeks, but now I realize the power of practice that helped me develop a habit unknowingly.