Oh phish! Caught in the Net
You don’t have to wait in queues, you don’t have to deal with clueless executives and your time is your own. Online banking has a lot going for it. There’s just one catch — miss a trick, and you could get ‘phished’.
As more and more of Mumbai’s busy citizens opt to do their banking and credit card transactions online, a Nigerian national’s arrest in Surat on Thursday and Jitesh Kishan Gavit’s arrest from Mumbai’s western suburb of Nalasopara on February 8 — they have allegedly phished at least 25 HDFC bank accounts — send out a strong warning. Grapahics
With an estimated 35.4 million Internet users in India, we are a good market for phishers. Internet users here rank among the top social networking users, and global agencies that monitor phishing have sounded an alert to those hooked to such websites.
There’s more bad news. When it comes to hosting phishing websites — mirror sites that capture account details — India ranks third at 9.39 per cent, says the Anti-Phishing Working Group (APWG), a global pan-industrial and law enforcement association focused on eliminating fraud and identity theft due to phishing, pharming and email spoofing of all types.
The APWG report, which was released in November 2007, ranks China at the top with 24.21 per cent, followed by the US at 23.85 per cent. Russia, Thailand, Romania, Germany, South Korea, UK and France are other countries in the top 10 phishing list.
Internet users vulnerable
Internet users here are at high risk as the country is yet to have a dedicated agency that monitors cyber frauds, said Vijay Mukhi, president of Mumbai-based Foundation for Information Security and Technology, a private e-security firm.
Neither the government nor the information technology industry has taken measures to establish an agency that will monitor, track down and curb the growing number of cyber fraud cases in the country,” said Mukhi.
Gartner, Inc., a global IT research and advisory firm, reports that phishers are collecting personal data from social networking websites. Andrew Walls, research director for Gartner’s infrastructure protection group from Australia, said: “We are seeing phishing scams wherein personal data has been collected from online social networks such as MySpace and Facebook and then integrated into very personal and targeted emails.”
The mails sent to potential victims are personalised and seem credible. “The messages are more convincing due to the amount of personal information they contain,” said Walls. “The phishing message may be delivered through email, instant messaging, SMS, or a message on your social networking site (like a scrap).”
Specific India-based information from the Indian Computer Emergency Response Team, in its last report published in 2006, revealed that phishing attack against the e-commerce sector, which includes online retailers, auction sites and recruitment services, amounts to 76 per cent. The remaining 24 per cent of the attacks target banks and financial institutions.
Quick money, easy work
APWG’s latest report, published in January, reveals that it received reports of 28,074 phishing attacks and 23,630 phishing websites in November 2007.
Walls attributed the popularity of phishing to attractive profit margins. “The entire effort of building and distributing phishing messages can be automated, so the creation of thousands of phishing emails costs the phisher very little,” he said. So, if a phishing scam generates 50,000 messages and just one per cent of the recipients are taken in, the phisher has still defrauded 500 people.
Get secure, go public
The future of phishing will be controlled by the quality of security implemented by those targeted. “If fraud detection systems within a bank rapidly identify and stop phishing frauds, phishers will move to weaker targets,” Walls said.
Disclosing security breaches also helps. It educates consumers about the risk in online commerce, puts pressure on companies to improve security and gives governments an indication of the true level of crime. “Corporations must disclose security breaches to the public. This has been adopted in 38 (of the 50) states in the US and it’s yielding results.”
Enter your email to get our daily newsletter in your inbox
- Earlier this month, CBI in the first charge-sheet in the case had named BSF Commandant Satish Kumar and Murshidabad-based businessman Enamul Haque along with five others for their alleged involvement in cattle smuggling across the India-Bangladesh border.
- The bench, also comprising Justices L Nageswara Rao and S Ravindra Bhat apart from Chief Justice of India (CJI) SA Bobde were of the view that magistrates should play a more “intrusive” role in investigation.
- Police said the accused and the victim were in a relationship for a year, but of late she had been avoiding him.
- The national carrier at present is operating only special passenger trains since the curbs on lockdown were eased. Regular passenger trains have been suspended since March 25, 2020.
- Both the casualties took place due to IED blasts.
- The BJP unit has also been at loggerheads with the ruling Meghalaya Democratic Alliance (MDA) dispensation with its chief Earnest Mawrie accusing it of anomalies in governance.
- Shahjahanpur’s superintendent of police S Anand, SP, denied reports that the girl was burnt after a failed rape attempt
- An expert team is trying to drain out the lake to prevent another tragedy like the Chamoli flash flood.
- The tribal fair draws devotees not only from Telangana, but also from other states like Andhra Pradesh, Chhattisgarh, Maharashtra and Madhya Pradesh.
- The notice released by the state government stated “All passengers coming to West Bengal from the aforementioned 4 states shall mandatorily carry a covid negative RT-PCR report for such test conducted within 72 hours of flight departure.”
- The police said they were ascertaining the identities and affiliation of the two terrorists.