Criminals go phishing | gadgets | Hindustan Times
Today in New Delhi, India
Jun 28, 2017-Wednesday
-°C
New Delhi
  • Humidity
    -
  • Wind
    -

Criminals go phishing

Police say cyber criminals are constantly trawling the net in search of unsuspecting victims, and keep upgrading their modus operandi. Puja Changoiwala writes.

gadgets Updated: May 15, 2012 01:17 IST
Puja Changoiwala
Puja Changoiwala

If you have not been snared in the 'phishing' net in cyberspace yet, you could soon be, if you're not careful. All it takes is one wrong click of the right button.

It's in that seemingly innocuous email, which states that you have won millions and which seems too good to be true, and in that phone call that declares you the winner of a lottery you do not even remember buying a ticket for.

A doctor from a leading city-based hospital recently received a call from a friend, asking if he required financial assistance. The doctor, seated in his air conditioned office in a suburban hospital, assumed it was a simple case of miscommunication.

However, when several other friends called him 'offering to help him', he suspected something amiss. All his friends claimed they had received an email from his personal account.

When the doctor tried signing into his email account, he realised his password had been compromised. He immediately approached the cyber police. During investigation, it turned out that an unidentified person had hacked into his email account and had sent emails to several of those on his contact list.

"The mail contained a plea to help him financially as he was stuck in Spain and had run out of money. It requested his friends to send $1,000 to a specified bank account number. It further read that he had lost his cell phone and hence could not be contacted over the phone," said an officer from the cyber police.

Fortunately, in this particular case, the fraud came to light before any monetary loss could be incurred.

This technique, experts say, is termed 'speared phishing' wherein a cyber criminal sends out personalised emails to a select group of people.

"Earlier, there would be general emails sent out to lakhs of people but were impersonal in nature. This is one example of how cyber criminals have continuously kept 'fine tuning' their modus operandi over a period of time to appear more genuine," said Vicky Shah, a cyber expert.

In addition to this, people who have fed in details on certain job portals are also targeted.

"They receive emails promising them high-flying jobs. They are asked to pay a 'nominal fee' if they are interested in the job. Needless to say, once the criminals pocket the fee, there is no trace of them online," said another officer from the cyber police.

According to the police, at least 50,000 fraudulent emails were sent by the cyber criminals to probable victims in 2011 in Mumbai, promising them cash rewards in millions if they were willing to pay a 'nominal fee' of anywhere between Rs. 50,000 to a lakh.

Shah further said with scams like phishing becoming rampant, 99% of the problem lies between the keyboard and the chair - the user.

"Most users use unlicensed pirated software, which are not equipped to block such emails. There are several plug-ins such as Web of Trust and anti-phish tank that are easily downloadable and are integrated with browsers. If you click on a suspicious link, the plug-in will immediately pop up a notification," Shah said.

Besides, Shah said, in cases of speared phishing, also known as smishing, where people receive text messages or phone calls, they should immediately verify with the concerned authority.

"If you receive a text message from someone saying there is a problem with your bank account and that you should get in touch with the bank on the number you received the text from, instead of following the instruction, you should contact the bank through the official number provided to you. If users are not vigilant, you cannot blame the bank or other authorities," Shah said.

Experts opine that over the years, the scam has become more rampant. According to statistics from the Mumbai police, while five cases of phishing were registered with the Mumbai police in 2010, the number increased to nine in 2011.

Phishing, also referred to as brand spoofing or carding, is a variation of 'fishing', the idea being that bait is thrown with the hope that some will be tempted to bite.

Case studies
Amol Redij, 34, writer

Mumbai

In April last year, 34-year-old author, Amol Redij, was elated when he received an email stating he had been selected for a part-time job with a German company, where he would earn 350 euros (around Rs. 24,000) a week.

Redij, a resident of Goregaon, then exchanged documents, filled in the form sent by the company, and in response, received the employment contract, employee ID, payment terms, appointment letter and all legal documents that would substantiate the authenticity of the affair.

"After I received the appointment letter, however, they emailed me saying that my job was online data conversion, for which I had to paste the data provided by the company into some software. And that software I had to buy online for 67 euros," he said.

A little presence of mind saved Redij from plunging headlong into the scam.

"I got suspicious when they asked me to buy the software. I then decided to scan the Internet to learn more about the company. It was then that I found they did not have an official website. The content in their 'about us' section was pasted from some other website," he said.

Redij said he also chanced upon forums where people had pasted the same appointment letter with the same company name, logo and same contact person.

"I had uploaded my profile on several job sites a few years ago. Although I could not remember having applied for that particular company, I gave it the benefit of doubt. I am fortunate to have realised it was a scam in the nick of time. I was saved from getting duped," he said.

'I was told I had won $2m'

Rajdeep Basudkar, 40, businessman

Mumbai

Basudkar, a businessman based in Kalwa in Thane, was approached by fraudsters on two occasions this year. Each time his insistence on verifying the claims of the offenders saved him from being trapped.

In January this year, someone called Basudkar claiming that he had won a lottery worth millions of dollars and that the person had come all the way from Washington, USA, to hand over the amount to Basudkar.

"He said he was at Delhi airport and needed me to transfer Rs. 8,000 into his Indian bank account so that he could get the customs clearance at Delhi airport. I told him that I had friends working with the Delhi customs and that they could help him get the amount cleared or pay the fee. He hung up and never called back," he said.

Similarly, a month later, Basudkar received an email from an American woman claiming she had won a lottery of $2 million. She wrote that Basudkar, too, qualified for the lottery and that he should contact one Mr Pastor Cole based at Nariman Point. Cole, the email said, was the representative of the American company's Indian counterpart.

"They said Cole worked with the American embassy. When I verified, there was no such person. I still maintained contact to see where the conversation was going when eventually, they said that my $2 million had been cleared and that I should transfer Rs. 15,000 in their account to facilitate the money transfer," he said.

"In response to the demand of Rs. 15,000, I told the woman that I was financially unstable at the moment and that if she transferred the two million dollars to me, I could pay back the Rs. 15,000 to her. She tried to convince me otherwise, but eventually cut contact," he said.