WPAI Advisory: Beware of the latest phishing scam to hit the social media scene. And this time, it’s targeting wedding photographers.
Remember the idiom wolf in sheep’s clothing? Well it’s an excellent time for a refresher course. If you thought that it was just an overprotective warning by our elders for when we were young and naive, think again. As grown-ups, we tend to believe that we are older, smarter and wiser and cannot be hoodwinked by anyone. But is it true? Are we “too-wise” and can we really avoid being tangled up in the web woven by impostors?
One of the alarming occurrences that has brought all this introspection to light is the recent spate of Voice Phishing attacks. But what does this have to do with the wolf and the sheep? Let’s find out, shall we?
What in the world is this Voice Phishing?
For the uninitiated, Voice Phishing is a fraudulent and unethical practice of obtaining financial and confidential information from the gullible public over the phone.
Traditionally, the aim of phishing has been to take control of an individuals bank account, credit card or other financial avenue. Like every good con, phishing and voice phishing rely on the art of manipulation and instilling fear in the targets – with the aim of extricating confidential information from the victims. In the case of bank accounts and credit cards, the caller poses as a bank/credit card company employee to inform the target that their account or card has been compromised and that they need to share their CVV or OTP to be able to regain control. This gives the fraudster control and allows them to abuse the account or card to the extent of their greed.
So what? How does this bother Wedding Photographers?
Well, the very same template has now been applied to social media. With the increasing use of social media platforms like Facebook & Instagram by wedding photographers to promote their business and get assignments, these fraudsters have discovered a new kind of target. The targets are those wedding photographers with large followings on social media, be it Facebook Pages, Instagram or Twitter. The community is abuzz with this latest scam and many WPAI members have also been contacted.
The aim is to take control of the social media page, then hold it to ransom and extort money from the photographers. These fraudsters call and harass photographers, try to instil fear and threaten them to get what they want.
Wolves in sheep clothing – how do they hack social media accounts?
The most common approach that we have experienced, personally, and heard about from our members is that the scammers call and impersonate an officer from the Cyber Cell of Bombay Police. They speak with utmost authority and do their best to convince you that your social media channel has been compromised – that since the channel is generating spam and unacceptable content for the general public, the target should report to the Police Station or else their account will be forcibly shut down. Unless the target agrees to let the Cyber Cell investigate and re-set the account. Having instilled a sense of fear and insecurity in the target, who fears that their account will be shut down leading to loss of existing following as well as potential business, they are only too happy to provide the OTP on their phone. This OTP is the code generated to reset the account by clicking on “Forgot Password” option.
The scammers are so convincing that they leave no stone unturned, to the extent of caller ID spoofing so that even their True caller ID read as ‘Cyber Cell’ and the victim does not doubt scammer’s identity. As soon as the target shares this private information, the scammer takes over the account. Only then do the scammers show show their true colours by holding the account hostage and blackmailing victims to pay ransom in order to gain access to their page.
(Hindustan Times covered a version of this in their paper last week. Read the full article here.)
As a wedding photographer with a huge social media following, if you’re not worried then you definitely should be.
Fishing is relaxing while Phishing is most definitely not – how to save ourselves?
So, what can we do to avoid being taken in by this ingenuous phishing scam? Half the battle is in awareness and being just a little cautious. As a community of wedding photographers, we reckon that it is our duty to make sure everyone in the wedding photography business is in the know of this rampant fraudulent activity. Here are a couple of pointers to help avoid becoming the latest victim.
Be aware, wolves ahead: The first and foremost thing is for you to be aware of this latest scam. As a community, we need to be vigilant and keep a hawk’s eye on all the latest developments in this regard. This article has been an attempt in this direction and we would love for you to share this with your friends within the community.
Suspicion and vigilance are (sometimes) a good thing: Now that you’re aware, be suspicious and vigilant. Don’t take any such calls at face value – do your best to verify them. Ask informed questions; try and get hold of a landline number you can call back; ask which Police Station they are calling from and find the landline number online to call back through the switchboard; we’re told that sometimes the scammers can hold up the line and direct our calls so try calling from another number/device.
Use the smarts on your smartphone: Install True Caller on your phones. Having spoken to a lot of photographers who have faced this, some of these numbers are already showing up as “Facebook spammers” on True Caller. In case it doesn’t in your case, then make sure you mark the call as spam so it can help others. You can also use call recording apps (like Call Recorder ACR or Galaxy Call Recorder) on your phone to record calls that you think are suspicious – this can help in case you want to report it to the actual Cyber Cell yourself.
Play it smart: Avoid imparting any confidential information. Just like a bank or credit card would never actually ask you to give out personal or confidential information like PINs, CVVs and OTPs over the phone (note that even on IVRS while talking to customer support, you have to enter your own information using the keypad and not recite them to the customer support executives), reputed social media platforms, cyber cell officers or their representatives would never ask you for passwords and OTPs over the phone. Even if you are convinced that the call is authentic and legit, don’t give out the information over the phone. Arrange to meet at the police station or cyber cell office to discuss further. Verify the address of the office online before proceeding there.
Keep calm and carry on: Despite everything, if a scammer has managed to gain control of your account, don’t give in to their demands. Use logic and not fear. Contact the police or cyber cell and make a report, asking them to investigate and take action. Alongside, get in touch with your friends, clients and associates offline and let them know that your accounts have been compromised and that they should ignore any spam coming from it. Take their help to spread the word and have your account officially blocked using the proper channels available.
Maintain your dignity and become a champion of the wedding photography community
Most importantly, don’t forget that in todays day and age, these things do happen and people do understand. Phishing, hacking and manipulation are common occurrences and people will not judge you for falling pray to these scammers.
That doesn’t mean that you should ignore the warning signs and stick your head in the sand. Do your part. Be vigilant and spread the word – help warn your friends and peers from the community. If one of them falls prey, support them and help them do what is needed to minimise damage and recover their account.
Remember that we are stronger together.
Tagged In: Voice Phishing, Voice Phishing with wedding photographers, Wedding photographers, social media hacking, Social Media Scam, Cyber Cell Bombay, WPAI Advisory, Community Messages, Stronger Together
Posted In: Tips & How-Tos