Session 4 — Attacks, Online Banking Security & Troubleshooting

Sunita didi works in customer support at a bank. Every single day, she answers calls from people who clicked a link that looked real, entered their details on a page that looked real, and discovered too late that it was not real at all. “The OTP is gone, the money is gone,” she says. “And there is almost nothing I can do at that point.”

This is the most applied session of the course. We look at how real attacks work — not in theory, but step by step, the way an attacker thinks. Then we look at how online banking is designed to resist those attacks. Then we look at how to troubleshoot when something goes wrong on a network.

What You Will Learn

  • How phishing attacks are constructed and why they work
  • How MITM (man-in-the-middle) attacks work on unsecured networks
  • What DNS spoofing is and how to spot it
  • How online banking login works end-to-end and where security is applied
  • How to investigate a suspicious link or email before clicking it
  • A basic mental model for troubleshooting network problems

The Big Idea

Attackers do not break encryption — they bypass it. The most successful attacks do not crack TLS or steal private keys. They trick people into handing over credentials willingly. Understanding how attacks are constructed is the best defence against falling for them.

Character Focus This Session

Sunita didi opens the session — her daily work makes every concept concrete and urgent.

Rohan goes deep on how banks layer security into the login process — not just encryption, but session management and 2FA.

Deepa asks the hard question: “If phishing is so obvious, why do so many people fall for it?”

Warm-Up Check

Before reading on:

  1. You receive an email: “Dear customer, your SBI net banking has been suspended. Click here to update your KYC: sbi-kyc-update.in.” What are the red flags?
  2. You are at a café and see two Wi-Fi networks: “CafeWiFi_Official” and “Free_CafeWiFi”. The second one does not ask for a password. Which one is safer? Why?
  3. Have you ever received a call or message claiming to be from your bank asking for your OTP? What is the right response?