Danger of Phishing Scam – What is it and How Do We Avoid It?

I recently wrote this post on stock market scams, which everyone should know about. Here we have described how fraudulent advisors ask you to take a position in illiquid option contracts (options that have less trading) and intentionally create losses, and take the profits from theft in your account. Some of these advisors, by providing investors with bad company shares, raise the price of that share and sell these shares themselves. Such investors fall into these stocks and cannot exit (this is called “pump and dump scheme”).

To prevent these scams on kite, we have implemented the following measures –

  • Prohibiting trade in illiquid option contracts,
  • Reporting any scam trade to the Exchange, and
  • Warning customers about risky shares using Nudge (Nudge) in the purchase order window.

After implementing these measures we have seen a decline in these cases. Now we have got to see a new kind of scam.

Fishing scam

Fraudsters make phishing (fake) websites that look like trading platforms created by big stock brokers. A link to these websites is sent to investors via SMS, e-mail or social media.

Investors reach the fake website with this link which looks like their share broker’s website. Here, they enter their login information (name, password, PIN, etc.). This information is captured by fraudsters, which they use to login to the investor’s trading account. And then they buy scam worthless company shares in the investor’s account or steal money from the investor’s account by trading illiquid option contracts.

If you do not have money in your account, these fraudsters sell the shares of your existing holdings and then trade them for that money. See these trades Which were recently made to one of our client’s accounts (we are presenting this to you with our customer’s consent). The login information of this investor was fraudulently taken to the wrong website at around 9 am and by 10 pm the fraudster had logged into the trading account. He sold shares worth Rs 70,000 and lost Rs 60,000 in a few minutes.

What can you do to avoid fraud?

  • When using a web browser, just enter your login information at “kite.zerodha.com”. Look at the address bar of the browser and make sure that the URL starts with kite.zerodha.com and has a lock icon next to it. When you use our partner application, you will still be able to give login information on our website.

Just enter your login information on “kite.zerodha.com”

  • If you are asked to login via SMS, email or phone on any website that is not kite.zerodha.com, do not click on the link or login. For reporting any such message or call [email¬†protected] Email and we will take necessary action against such websites.
  • If you see any trade you have not made in your account, report it to us immediately. We will lodge a police complaint against the counter-party of the trade and try to stop the payout from the exchange or cancel the trade.
  • Use 2Factor TOTP on Kite instead of PIN. To know how to use TOTP Read it. This will require installing a TOTP app on your mobile phone (eg: Google Authenticator), and connect your Kite account to it. After that, on every login, after entering your Kite password, you will be asked to enter the 6 digit code generated by the TOTP app. This code changes every minute and cannot be obtained by fraudsters.

What are we doing in Zerodha?

  • Exchanges already block intraday trading in many small stocks. We have included in this list all the shares which are illiquid and where fake trade can be executed.
  • If you login to enter Kite at any time from a new device or location, an alert will be sent to you and email or SMS OTP will be started to complete the login.

Once again, before logging in, make sure the website is https://kite.zerodha.com/, and start using TOTP for your account. Also, share this post with more and more people so that we can save everyone from fraud.

Kanyadan vs Sukanya

LIC Policy Revival