Phishing Attack and Social Engineering
Phishing is a form of social engineering that uses malicious emails, phone calls, instant messages to obtain personal information such as credit card numbers, bank information, or passwords from trustworthy individual/person/personnel from a legitimate organisation
Identifying Phishing scams:
- Request for login credentials and OTP – As part of Boost’s security protocol and safeguarding your finances, Boost will never request your login credentials and OTP. Therefore, no other parties shall request the same.
- Generic greetings - If it’s too generic, it didn’t come from a professional company for e.g., ‘Hi Dear’; ‘Hi Sir’. Boost will only greet with your registered name with Boost.
- Sounds too good to be true - You just won a prize without entering any contests. False offers of awesome deals or unbelievable prizes are commonly used by cyber criminals to encourage victims to act immediately.
- Spoofed linksand malicious attachments– Check the email content and its attached link properly before clicking on the link. Inspect if the information, such as email address, message body, links, are inconsistent or misspelled. If you suspect that an email message is a scam, don’t open any links or attachments that you see.
- Requesting an urgent response – Be wary of emails and SMS content with fake offer or claims to trick recipient into clicking or open an attachment immediately. Malicious criminals instill anxiety, fear, and urgency to prompt you to take impulsive reactions
- Requesting personal information – Official bodies and legitimate businesses don’t ask customers to send important & sensitive personal info through email
- Poor spelling & bad grammar - Professional company will check thoroughly the grammar and spelling. Misspelling is a big red flag.
Here are some best practices and safety tips to mitigate the related fraud risk:
- Do not open suspicious text, pop-up windows or click on links or attachments in emails/SMS/WhatsApp from unknown sources
- Do not respond to email/SMS/WhatsApp requesting for your personal or ewallet details, including OTP and login details with any third party. Boost will never request your login credentials and OTP.
- Do not fall for unrealistic deals – you should be suspicious of the offer if it seems too good to be true.
- Never share your credentials, transaction PIN and one-time password (OTP) with anyone under any circumstances. Boost will never request your login credentials and OTP.
- If you come across any suspicious emails, calls, or text messages claiming to be from Boost, please contact us at firstname.lastname@example.org for verification.
- Disconnect from the call/SMS/WhatsApp immediately if you find it suspicious
- If you accidentally shared your card/online banking information, block your card immediately by calling respective bank and lodge a police report
- Always verify the security image & phrase displayed in your online banking. Do not enter your password if the image/phrase does not belong to you.
- Always read the full SMS TAC content before keying in the TAC number
- If you shared Boost login credential, please reset the password and PIN immediately
Malware is a malicious software designed to take over your browser, computer system or mobile devices. Cyber-criminal uses malware to steal your personal details including name, ATM Card number, PIN, username and password.
Here are some safety tips on how to protect yourself from Malware scams:
- Do not install any app or .apk file from unknown sources. It could be a malicious program that is designed to take over your personal details and transaction credentials
- Do not tap on ‘Allow’ for any unknown application seeking permission to access your SMS. If you tap on ‘Allow’, it can send or view your SMS, TAC or OTP to perform transactions from your financial accounts
- Do not root or jailbreak your mobile devices
- Do not click on any link or open attachment from a source that you are unfamiliar with.
- Do not access to malicious and invasive websites. g., pirated sites, invasive pop-up, click bait sites and random malicious program download
- Do not enter your personal login credentials or make online payments on a public shared computer/network
- Do not enter your bank details / personal information in suspicious apps or websites
- Do not make any transactions on site that are non-encrypted. The lock symbol and related URL containing https://” means that the connection between web browser and the website server is encrypted
- Install anti-virus/malware software
- Always update the operating system and application on smartphone and browser, to avoid any malicious exploit of security vulnerabilities in outdated version
- Only download apps from official App store, Play Store or Huawei AppGallery
- Be wary of websites before performing any transaction, verify if the website is secure by checking the URL and using HTTPS