You may have come across articles citing an Advisory
against phishing frauds, recently.
What is phishing?
It is a fraudulent attempt to either obtain sensitive information such as your user name and password or induce you to make payments for certain transactions.
Rogue elements usually use fake IDs, direct us to seemingly authentic (but fake) websites and induce us to pay via payment links which direct the money into their bank accounts.
While such elements have traditionally relied on telephone calls, e-mail and SMS, other modes such as Instant Messaging (WhatsApp) and voice-based commands (Alexa) are also increasingly susceptible
Fraudulent Messages usually capitalise upon our greed or fear -with subject lines like 'Congratulations! You have won a prize' or 'Your Account has been hacked' - in order to entice us to open them. read the contents and often, divulge key information.
Here are a few ways to protect ourselves:
We should refrain from revealing financially sensitive sensitive information (such as your PAN, Aadhaar Number, Bank Account Number, OTP, etc.) even if the caller insists. Reputed service providers will never authorise calls seeking such information.
Carefully scrutinise the e-mail ID of the sender. Ensure that the domain name exactly matches that of the organisation purporting to have sent it (For instance, e-mails sent by us should be from
and NOT pofas.com
Also, it is not advisable to click on links contained within e-mails as they may redirect you to a fake website. Instead, visit a website directly by typing the URL in the browser.
Phishing sites often closely resemble a genuine website. You may be led to these via e-mails, SMS, search engines, etc.
We reiterate that it is important to closely check the address of the website (In our case - https://amc.ppfas.com) and ensure it is authentic.
Also, verify that the Security Certificate is authentic and still valid, by clicking on the 'lock icon' to the left of the website's address.
Opt for 2 Factor Authentication (2FA) for logging in, wherever possible and also change passwords at regular intervals.
Given that SMS' may originate from various IDs, it may not be possible to verify their provenance, in every case. However, the same precautions mentioned above (such as not clicking links, visiting the website by typing in the URL, etc.) should be adhered to.
PPFAS Mutual Fund assures you:
1. We will never seek financially sensitive information via any means - written or oral.
2. None of our communications will contain payment links.
We only accept payments via the 'PPFAS SelfInvest' Mobile and Web Apps.
Finally... please contact us
in case you experience, or suspect a phishing attack conducted in the name of our Fund.