Phishing Between The Lines: Don’t Get Hooked by Chats!

Cybercriminals are always finding new ways to trick people into revealing sensitive information, and one of the latest tactics involves phishing scams on messaging platforms, including WhatsApp. Fraudsters are impersonating banks and other trusted organisations, using convincing messages to steal personal and financial information.

How It Works

Scammers create messaging accounts that appear legitimate, often using an organisation’s logo as their profile picture and a display name similar to that company’s official name. They then send messages claiming to be from the company, warning of urgent security issues, requesting verification of your account details or offering exclusive deals.

The messages may include personal information that fraudsters have obtained from sources such as the dark web , social media, or previous data breaches, making them appear more convincing. They may also contain a link to a fraudulent website designed to look identical to the company’s real website, where victims are tricked into entering their login credentials, card details, or other sensitive information. Once scammers obtain this data, they can access accounts, make unauthorised transactions, or commit identity theft.

How to Spot a Fraudulent Account

• Unverified or unfamiliar numbers – Legitimate organisations typically use official, publicly listed contact numbers. If you receive a message from an unexpected or personal-looking number, be cautious.
• Urgency or threats – Scammers often create a sense of panic, pressuring victims to act quickly by claiming immediate action is required.
• Unsolicited links or messages – Fraudsters frequently send links leading to fake websites designed to steal personal information. On messaging apps, like WhatsApp, a suspicious link may display a warning, or the URL might have extra characters, misspellings, or an unusual domain.
• Requests for personal or sensitive information – Legitimate companies will never ask for passwords, PINs, one-time passwords (OTPs), or personal details via messaging platforms. Any request for this information is likely a scam.
• Spelling and grammatical errors – Fraudulent messages often contain awkward phrasing, missing words, or poor grammar.

 How to Protect Yourself

• Verify requests
• Never share sensitive information
• Avoid clicking on unfamiliar links
• Check for spelling and grammatical errors
• Monitor your accounts regularly
• Enable two-factor authentication (2FA) where possible
• Report and block fraudulent accounts

What to Do If You’ve Been Targeted

If you receive a suspicious message or suspect you have interacted with a fraudulent account, take immediate action. Report the fraudulent number or account to the platform and notify the appropriate authorities to help prevent further scams.

If you shared sensitive banking details, ensure you:

• Contact your bank to report the incident and secure your account
• Change your passwords
• Monitor your bank statements for any unauthorised transactions.

JN Bank members can contact our Member Care Centre or visit their nearest JN Bank branch immediately to report fraudulent activities. Our Member Care Centre can be reached toll free at 888-991-4065/6 24 hours every day including weekends and public holidays.

By spotting red flags and practicing strong digital security habits, you can protect your personal information and keep your conversations secure. Cybersecurity is also a shared responsibility, so don’t keep what you know to yourself. Educate your colleagues, family, and friends about the risks of social engineering attacks so they too can stay protected.

The dark web is a hidden part of the internet that isn’t accessible through regular search engines like Google. It requires special software to access. While some people use the dark web for privacy and anonymity, it is also a hotspot for illegal activities, including the buying and selling of stolen personal data, financial information, and hacked accounts. This means that if a company experiences a data breach, criminals may sell or share that stolen information on the dark web, which scammers can then use to target people with phishing attacks and fraud.