1️⃣ PHISHING
🔹 Simple Definition
Phishing is a cyber-fraud technique where attackers send fake emails/messages/webpages to trick users into sharing confidential information such as bank account numbers, passwords, PIN, CVV, ATM details, or OTP.
🔹 Key Features
- Uses emails, SMS, fake websites, social media messages
- Appears to be from banks, RBI, NPCI, e-commerce, or government
- Creates fear or urgency (e.g., account will be blocked)
- Contains malicious links or attachments
🔹 Common Phishing Examples
| Example | Description |
|---|---|
| Fake KYC update | Email/SMS asking to update KYC or account will be blocked |
| Fake bank alert | “Unusual withdrawal detected – click to verify” |
| Lottery / Refund mail | Claims winning prize or refund from tax/e-commerce |
| Fake UPI/Wallet link | Fake link to receive payment |
2️⃣ VISHING
🔹 Simple Definition
Vishing (Voice Phishing) is a fraud where criminals call by phone, pretending to be bank officials / RBI / police / insurance / KYC support staff, and ask for confidential details like OTP, card number, CVV, PIN, UPI PIN, etc.
🔹 Key Features
- Happens through phone calls / IVR / automated voice
- Criminals pretend to represent Bank / RBI / Police / Income Tax / Telecom
- Use fear or urgency (SIM block, KYC expiry, PAN suspension)
🔹 Common Vishing Examples
| Example | Description |
|---|---|
| Fake KYC expiry call | Caller demands OTP to update KYC |
| Credit card upgrade | Asks for CVV & OTP to “increase limit” |
| Fake police/RBI call | Claims account involved in suspicious activity |
| Loan / Insurance fraud | Promises a quick loan or high-return policy |
3️⃣ DIFFERENCE BETWEEN PHISHING & VISHING
| Feature | Phishing | Vishing |
|---|---|---|
| Mode of attack | Email / SMS / website | Voice call / phone |
| Contact method | Digital / written | Direct verbal |
| Data theft style | Malicious links & attachments | Asking for OTP/PIN/CVV verbally |
| Example | Fake KYC SMS | Fake KYC call |
4️⃣ HOW BANKS HANDLE SUCH FRAUDS?
✔ Banks never ask for OTP / CVV / PIN / Password / UPI PIN
✔ Awareness messages via SMS/email
✔ Reporting channels for fraud
✔ Real-time fraud monitoring systems
✔ NPCI, RBI – Digital Payment Security Guidelines
5️⃣ RBI & GOVERNMENT INITIATIVES
| Initiative | Purpose |
|---|---|
| RBI Ombudsman Scheme | Customer complaint redressal |
| National Cyber Crime Helpline 1930 | Report digital frauds |
| CERT-In | Cybersecurity monitoring |
| Cyber Swachhta Kendra | Malware cleaning tools |
| Digital Payment Security Controls 2021 | Protect UPI/IMPS/NEFT transactions |
6️⃣ PREVENTION & SAFETY TIPS
- Never share OTP, CVV, ATM PIN, Password, UPI PIN
- Do not click unknown links
- Check that the website address starts with HTTPS
- Use official bank apps only
- Block/report suspicious numbers immediately
- Keep antivirus updated
- Use multi-factor authentication
- Verify caller identity before sharing details
🔥 Most Important Notes
- Phishing = Email Fraud | Vishing = Voice Call Fraud
- Banks / RBI / NPCI never ask for OTP, UPI PIN, Password, CVV
- Cyber Crime Helpline: 1930
- Report fraud on: www.cybercrime.gov.in
- Cyber Security agency of India: CERT-In
- Social Engineering = Manipulating people to steal data
- KYC update fraud is the most common recent phishing scam
🧠 Quick Memory Tricks
| Trick | Meaning |
|---|---|
| PV = Problem Via communication | P-Phishing (email), V-Vishing (call) |
| NEVER – OTP CVV ATM PIN | Never share OTP, CVV, ATM PIN |
📌 Visual Summary
| Point | Phishing | Vishing |
|---|---|---|
| Meaning | Fake email/SMS | Fraudulent call |
| Target | Digital users | Phone call receivers |
| Tools used | Links, attachments | Voice pressure, fear |
| Sensitive info stolen | Card, ATM, NetBanking | OTP, CVV, PIN |
| Example | Fake bank website | Fake bank call |
📝 Chapter-wise Summary
Chapter 1 – Concept
- Cyber fraud through tricking customers via messages & calls
Chapter 2 – Phishing
- Uses fake emails/SMS/websites to steal data
Chapter 3 – Vishing
- Voice-based fraud through calls pretending to be authorities
Chapter 4 – Prevention
- Customer awareness + Government helpline 1930
Chapter 5 – Regulatory
- RBI guidelines, CERT-In surveillance, Cyber Ombudsman Scheme
🎯 Expected Exam Questions
📍 CHAPTER 1: BASICS OF PHISHING & VISHING (10 MCQs)
Q1. Phishing refers to which type of cyber fraud?
a) Using malware in ATMs
b) Tricking users through fake emails or messages
c) Unauthorized ATM card cloning
d) Unauthorized cheque alteration
Answer: b) Tricking users through fake emails or messages
Explanation: Phishing uses emails/SMS/webpages to steal confidential info. 👉 (HIGHLY IMPORTANT)
Q2. Vishing primarily occurs through:
a) Fake mobile apps
b) Voice calls pretending to be officials
c) Skimming machines
d) ATM receipts
Answer: b) Voice calls pretending to be officials
Explanation: Vishing = Voice phishing using phone calls. 👉 (HIGHLY IMPORTANT)
Q3. The main motive behind phishing & vishing is:
a) Promote digital banking
b) Steal personal & financial information
c) Increase bank transactions
d) Improve KYC status
Answer: b) Steal personal & financial information
Explanation: Aim is data theft for monetary gain.
Q4. Which of the following information do fraudsters mainly demand?
a) Mobile number
b) Branch address
c) OTP, CVV, ATM PIN, Password
d) Email ID
Answer: c) OTP, CVV, ATM PIN, Password
Explanation: Criminals need confidential banking data.
Q5. Phishing attacks commonly request:
a) RM feedback
b) KYC update through urgent link
c) Fixed deposit maturity info
d) Gold loan processing
Answer: b) KYC update through urgent link
Explanation: “Account will be blocked” urgency is common.
Q6. Which term describes tricking people psychologically to steal data?
a) Digital mining
b) Social engineering
c) Virtual computing
d) Cloud fencing
Answer: b) Social engineering
Explanation: Fraud using manipulation techniques.
Q7. Vishing calls often impersonate:
a) Tour operators
b) RBI / Police / Bank managers
c) Insurance agents only
d) Customer care of malls
Answer: b) RBI / Police / Bank managers
Explanation: They pretend to be high authorities to create fear.
Q8. Phishing messages usually contain:
a) Debit card booklet link
b) Malicious link or attachment
c) Offer for passbook printing
d) ATM machine location
Answer: b) Malicious link or attachment
Q9. Fraud using SMS-based spoof messages is called:
a) Smishing
b) Flashing
c) Hacking
d) Backtracking
Answer: a) Smishing
Explanation: SMS + phishing = smishing.
Q10. Vishing attackers attempt to convince customers by using:
a) Emotional pressure
b) Health advice
c) Travel brochures
d) Lottery booking
Answer: a) Emotional pressure
Explanation: Fear and urgency build trust quickly.
📍 CHAPTER 2: ADVANCED CONCEPTS (15 MCQs)
Q11. The most common psychological tool used in phishing is:
a) Patience
b) Urgency
c) Silence
d) Politeness
Answer: b) Urgency
Q12. Fake websites used in phishing are mostly created to:
a) Increase webpage ranking
b) Capture login credentials
c) Display photos
d) Advertise banks
Answer: b) Capture login credentials
Q13. “Account will be blocked within 24 hours” is an example of:
a) Legal notice
b) Threat-based social engineering
c) Banking advisory
d) Credit limit update
Answer: b) Threat-based social engineering
Q14. Attack where hackers redirect website traffic to a fake site:
a) Pharming
b) Masking
c) Switching
d) Caching
Answer: a) Pharming
Explanation: DNS redirecting technique.
Q15. Spoofing means:
a) Speeding up computer performance
b) Pretending to be another trusted identity
c) Making internet faster
d) Compressing data
Answer: b) Pretending to be another trusted identity
Q16. Voice modulation in vishing is used to:
a) Increase call duration
b) Imitate authorized executives
c) Slow internet
d) Improve call clarity
Answer: b) Imitate authorized executives
Q17. The safest practice while receiving unknown calls is:
a) Share required details
b) Disconnect and verify via official helpline
c) Record the call
d) Save number
Answer: b) Disconnect and verify via official helpline
Q18. Smishing refers to:
a) SMS-based social engineering
b) Email cybercrime
c) Voice-based fraud
d) Card skimming
Answer: a) SMS-based social engineering
Q19. Which term describes online fraud using fake UPI payment links?
a) Credential stuffing
b) Payment phishing
c) UPI spoofing
d) Ransomware
Answer: c) UPI spoofing
Q20. A fraud call asking for an OTP to activate a blocked SIM is an example of:
a) SIM card recovery
b) Telecom vishing
c) Network patching
d) Mobile cloning
Answer: b) Telecom vishing
Q21. Which attack targets employees to steal internal corporate data?
a) Spear phishing
b) Cloud breach
c) Network leak
d) File splitting
Answer: a) Spear phishing
Explanation: Customized phishing attacks.
Q22. Large-scale phishing campaign targeting many people:
a) Whale phishing
b) Bulk phishing
c) Mass phishing
d) Generic phishing
Answer: c) Mass phishing
Q23. CEO fraud comes under:
a) Whale phishing
b) SIM porting
c) Trojan malware
d) Password sniffing
Answer: a) Whale phishing
Explanation: Targets senior executives.
Q24. Bot-assisted automatic calling system used in vishing is called:
a) Auto dialer
b) IVR bot attacks
c) Auto messenger
d) Call generator
Answer: b) IVR bot attacks
Q25. Which fraud encourages clicking a link to receive free gift/lottery?
a) Ransom phishing
b) Reward phishing
c) Prize phishing
d) Money drop
Answer: c) Prize phishing
📍 CHAPTER 3: APPLICATIONS IN BANKING & REGULATORY FRAMEWORK (15 MCQs)
Q26. Banks never ask customers for:
a) Account number
b) Branch location
c) OTP / PIN / CVV
d) Passbook status
Answer: c) OTP / PIN / CVV 👉 (HIGHLY IMPORTANT)
Q27. Reporting channel for cyber fraud in India:
a) 198
b) 1930
c) 102
d) 1515
Answer: b) 1930 👉 (HIGHLY IMPORTANT)
Q28. Official portal for reporting cybercrime:
a) myaccount.india.com
b) www.cybercrime.gov.in
c) www.safebanking.com
d) www.helpline.india.gov
Answer: b) www.cybercrime.gov.in
Q29. Supervisory authority for cybersecurity for banks in India:
a) SEBI
b) RBI
c) IRDAI
d) TRAI
Answer: b) RBI
Q30. CERT-In stands for:
a) Centre for Emergency Response in Telecom
b) Computer Emergency Response Team – India
c) Central Equipment Risk Team
d) Cyber Enforcement & Regulation Team
Answer: b) Computer Emergency Response Team – India
Q31. RBI Cybersecurity guidelines emphasize:
a) Multi-factor authentication
b) Free downloads
c) New bank openings
d) ATM relocation
Answer: a) Multi-factor authentication
Q32. Who is primarily responsible for fraud prevention?
a) Only RBI
b) Only customers
c) Bank + Customer + Regulator
d) Insurance companies
Answer: c) Bank + Customer + Regulator
Q33. KYC update fraud is an example of:
a) Vishing only
b) Phishing or vishing both
c) Digital scam unrelated to banks
d) ATM fraud
Answer: b) Phishing or vishing both
Q34. Which payment system is most targeted now?
a) Cheques
b) UPI
c) NEFT
d) RTGS
Answer: b) UPI
Q35. A fraudulent call asking to install screen-sharing apps is:
a) Online banking support
b) Remote access fraud
c) ATM settlement
d) Auto KYC
Answer: b) Remote access fraud
Q36. Which is the fastest action after detecting a fraudulent transaction?
a) Visit branch next week
b) Inform RM later
c) Call helpline 1930 immediately
d) Post on social media
Answer: c) Call helpline 1930 immediately
Q37. NPCI mainly works for:
a) ATM security
b) Digital payments infrastructure
c) Postal money orders
d) Branch licensing
Answer: b) Digital payments infrastructure
Q38. Which tool protects payments against phishing?
a) VPN
b) Multi-layer transaction authentication
c) Browser theme
d) Data compression
Answer: b) Multi-layer transaction authentication
Q39. SMS header scrubbing is used to prevent:
a) Card insurance
b) Fake SMS spoofing
c) Passbook printing
d) Call waiting
Answer: b) Fake SMS spoofing
Q40. RBI’s major initiative for digital payment safety issued in 2021:
a) Digital India Payment Act
b) Digital Payment Security Controls
c) Cyber Act 2021
d) Secure Banking Mission
Answer: b) Digital Payment Security Controls
📍 CHAPTER 4: RECENT DEVELOPMENTS & CURRENT AFFAIRS (10 MCQs)
Q41. Which network helps banks share fraud details collectively?
a) Fraud info-sharing grid
b) Cyber coordination centre
c) Bank fraud intelligence consortium
d) Cyber shield network
Answer: c) Bank fraud intelligence consortium
Q42. Push payment fraud is related to:
a) ATM withdrawal
b) UPI transfer
c) Cheque collection
d) Cash deposit
Answer: b) UPI transfer
Q43. Scam involving fake RBI toll-free numbers is:
a) RBI approval scam
b) RBI helpline vishing
c) Fake remittance fraud
d) Card replacement scam
Answer: b) RBI helpline vishing
Q44. QR code scam works by:
a) Scanning to receive payment
b) Scanning redirects to payment screen requesting money
c) Saving new contact
d) Generating receipt
Answer: b) Scanning redirects to payment screen requesting money
Q45. Fraudsters send APK files to install:
a) Wallpaper apps
b) Screen-sharing spyware
c) Calendar tools
d) Music apps
Answer: b) Screen-sharing spyware
Q46. RBI directs banks to:
a) Promote fraud-linked lotteries
b) Display cyber safety messages on screen
c) Reduce ATM network size
d) Withdraw online banking services
Answer: b) Display cyber safety messages on screen
Q47. SIM swap attack enables:
a) Faster internet
b) Control of OTP delivery
c) Call recording
d) SMS encryption
Answer: b) Control of OTP delivery
Q48. Which term describes fraudulent remote access using apps like AnyDesk/TeamViewer?
a) Virtualizing
b) Remote takeover
c) Digital shadowing
d) Behavioural hacking
Answer: b) Remote takeover
Q49. The newest fraud trend where criminals impersonate Police using WhatsApp video call:
a) Video phishing
b) Video vishing
c) Officer conferencing
d) Virtual policing
Answer: b) Video vishing
Q50. Best protection against phishing & vishing is:
a) Sharing information quickly
b) Awareness & verification of caller identity
c) Switching bank accounts frequently
d) Always keeping phone on
Answer: b) Awareness & verification of caller identity
⏳ 2-Minute Quick Revision Sheet
✔ Phishing = Email/SMS fraud
✔ Vishing = Voice call fraud
✔ Aim = Steal confidential banking information
✔ Cyber Crime Helpline = 1930
✔ Website to report = www.cybercrime.gov.in
✔ Agencies: RBI, CERT-In, NPCI
✔ Never share OTP, CVV, ATM PIN, UPI PIN
✔ Most common case: Fake KYC update
