'Slight slip of mind': Zerodha co-founder Nithin Kamath's X account gets hacked, recovered

Having learnt a valuable lesson, Kamath advised people of the dangers lurking online. No matter how much improvement there is in cybersecurity technology to curb fraud, people should always practice digital hygiene to avoid getting scammed on the internet.
Rohit KVN

Zerodha co-founder Nithin Kamath

Credit: DH Photo 

Zerodha co-founder Nithin Kamath on Thursday (October 16) said that he fell victim to a phishing attack that compromised his personal X (formerly Twitter) account.

The incident happened on Wednesday (October 15), and Kamath said the fault was his own: a 'momentary lapse in attention' while going through the e-mail inbox on his personal device.

The mail was able to bypass all the spam filters, and Kamath unwittingly clicked on the 'Change your Password' link. Within minutes, the hackers were able to take over his X account and post shady cryptocurrency-related links to hoodwink naive users into investing on their platform.

However, they couldn't fully take over Kamath's X account, as it had 2FA (two-factor authentication) enabled. He was able to recover it in the nick of time and delete the fraudulent cryptocurrency links before they could cause more harm to his followers.

Having learnt a valuable lesson, Kamath advised people of the dangers lurking online. No matter how much improvement there is in cybersecurity technology to curb fraud, people should always practice digital hygiene to avoid getting scammed on the internet.

"Goes on to show that no matter how careful we are, all it takes is one slip of the mind. As important as technical cybersecurity are human processes, policies, and procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely essential, but clearly, it is not a technical solution to human psychology. This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions," said Nithin Kamath.

"Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind," Kamath added.

Here are some valuable tips on how to safeguard yourself from online fraud and phishing scams:

Always remember that cybercriminals use primal emotions, excitement and fear, to prey on their victims. But there will always be tell-tale signs in these emails or messages that give away that they are bad and should be ignored.

Look out for any of the following to tell a genuine email from a fake one:

1) Keep an eye on spelling and grammar. Even if the miscreants are creative enough to develop a genuine-looking company logo or institution's insignia, they make mistakes and are bad at sentence construction. These are sure signs of a fake email.

2) Also, be sure to check the full email ID. It may contain the name of a company or government agency, but cybercriminals will not be able to create a fake registered official email ID on platforms such as Gmail. For instance, if you get a notice from the IT department, the email ID will be communication@cpc.incometax.gov.in, but fake ones will have dubious IDs such as incometax.gov.in@gmail.com. Notice the '@gmail.com'? If you ever again see an IT department notice with a private domain name, junk it and move on.

FYI: the official website of Income Tax is 'www.incometaxIndiaefiling.gov.in', but we have seen cybercriminals using a compromised website, 'www.incometaxefilingsindia.in' (notice they have interchanged 'Indiaefiling' with 'efilingsindia'), to prey on naive users.

Also, be sure to notice that a government website will have '.gov.in' at the end of its address. And we should be wary of websites with 'http'. Safe websites have 'https' in their address.

3) No matter what email you get, never share financial details through email. This applies to OTPs as well. DO NOT SHARE an OTP with anybody. Be it a bank or the IT department, they will never ask you to divulge any financial details. If you get such a request, junk it. If you have any doubt, go to the nearest branch office and get it clarified.

4) Also, never share personal documents such as birth certificates, photocopies of graduation certificates, or identity cards such as Aadhaar, Voter ID, or Driver's Licence online with anybody unless you know them personally. Double-check by calling the person and getting the right email ID.

5) If you ever get a job offer via email from a company that you never applied to, just junk it and move on.

6) If you get an offer and the person is seeking money as a security deposit for the job, it's better to look for other opportunities. No genuine company will ask for money to secure a job.

7) Also, if you get a job offer with a really big paycheck compared to the industry-standard CTC (Cost to the Company) for your designation, be wary of such emails.

8) Similarly, if you get a big prize money voucher via email and you never participated in any of the seasonal promotional sale campaigns, don't get greedy and just ignore the mail.

Nothing comes free in life. Just be happy with your hard-earned money safe in the bank.

9) It is a good practice to install anti-virus applications on PCs and mobile phones to detect malware on the system and thwart cyber threats when browsing compromised websites.
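The check described in tip 2, comparing what follows the '@' (or the host of a link) against the known official domain, sketched in Python as an added example that is not part of the original article. The allowlist and function names are assumptions; the inputs are the addresses and URLs quoted in the tip.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: allowlist built from the two official domains quoted in the article.
OFFICIAL_DOMAINS = ("incometax.gov.in", "incometaxindiaefiling.gov.in")


def is_official(host: str) -> bool:
    """True only for an official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    # The leading dot stops 'xincometax.gov.in' from matching.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_sender(from_header: str) -> list:
    """Warnings for the address in a From: header."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ["address could not be parsed"]
    if is_official(domain):
        return []
    warnings = [f"sender domain '{domain.lower()}' is not an official domain"]
    shown = (display + " " + local).lower()
    if any(d in shown for d in OFFICIAL_DOMAINS):
        warnings.append("official domain appears before the '@', not after it")
    return warnings


def check_link(url: str) -> list:
    """Warnings for a link found in the message."""
    parts = urlsplit(url if "://" in url else "//" + url)
    warnings = []
    if not is_official(parts.hostname or ""):
        warnings.append(f"host '{parts.hostname}' is not an official domain")
    if parts.scheme == "http":
        warnings.append("link uses http, not https")
    return warnings


if __name__ == "__main__":
    # Sample inputs are the addresses and URLs quoted in the article.
    for sender in ("communication@cpc.incometax.gov.in", "incometax.gov.in@gmail.com"):
        print(sender, "->", check_sender(sender) or "ok")
    for link in ("https://www.incometaxIndiaefiling.gov.in", "www.incometaxefilingsindia.in"):
        print(link, "->", check_link(link) or "ok")
```

A From: address that passes this check can still be forged, so a mail gateway would also rely on SPF, DKIM and DMARC results rather than the visible address alone.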

If you or a loved one has fallen victim to a phishing attack, make sure to follow the procedure below and note down the emergency contacts:

Immediately call the customer care number of your bank and ask them to block the transaction. Also, make sure you call the police control room to report the crime.

The Union Home Ministry of India has set up the National Cyber Crime Reporting Portal and a helpdesk hotline, 1930. The latter is operational 24x7 in Delhi, Rajasthan, Uttarakhand, Chhattisgarh, Uttar Pradesh, Assam, Tamil Nadu, and Andhra Pradesh.

If you ever receive a fake IT department notice, report it on the official Income Tax website. Also, forward the e-mail or the website URL to 'webmanager@incometax.gov.in'. You can also forward it to 'incident@cert-in.org.in'.
