Advertisment
Tech

Phishing in Indian waters

author-image
CIOL Bureau
Updated On
New Update





Shashwat Chaturvedi





Finally, the fraud sharks of the cyber space have started phishing in Indian waters.





The last few days have been quite eventful for Internet banking users in India: First there were reports of bank customers being sent email by fraudsters, asking them to part with their personal details.





And then ICICI Bank's net banking website was cloned, the duplicate website was a complete replicate of the original and intend to beguile account holders into divulging their user ID and password.





After receiving complain from an alert customer, ICICI got into action and the website was clamped down before it could do cause significant damage.





What is Phishing?





Wikipedia defines phishing as "a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message."





Thus emails asking for sensitive information are all sophisticated 'baits' to 'fish' for an unaware user. Madhabhi Puri Buch, senior general manager, ICICI Bank, underlines the fact that banks never solicit information over the email, so whosoever do, are simply trying to make a fast (read easy) buck.





Once, these fraudsters have the relevant information, there is no limit to what damage they may cause (though, the most usual thing is to just empty your account). They could create fake cards (debit & credit), use your ebay accounts for bidding, etc.





Where does it happen?





Everywhere, so long as there is a computer connected to the Internet. C.N. Ram, head (IT), HDFC Bank, says, "It is quite common across the world. First, we had mails from so-called Nigerian bank officers, offering millions of dollars; now there are mails trying to extract consumer details. The difference being, in the past the mails were direct and threatening, i.e., your account will be closed, etc. Now, they are more subtle and sophisticated."





Every month thousands of such incidents are reported, according to the Anti-Phishing Working Group's website, the figures for India have increased over the past week, with the percentage points going a shade up to 2.36% last week from 1.35% in the previous weeks.





But, Madhabhi reassures that phishing is not such a danger, as Internet users seem to be well aware of the machinations of the dirty group.





Who is susceptible?





Simply put, YOU! The good news is that you do not have to fret as long as you follow some simple ground rules. There are many ways in which these fraudsters find out your email account addresses. More often than not, it is a random exercise, sending these hoax mails to thousands of customers from the databases available in the market for a small price. "There are many ways in which your email ID is compromised. When you register at some websites or the different forums, etc., it is quite easy for these people to get the email Ids and then it is just a matter of chance," says Ram.





Remember what mummy said





In case, you get a mail from the bank or any other financial institutions asking for account information, there are two things that Ram advises, just press Delete or call up the bank.





Remember what mummy told you when you were a kid, 'never talk to strangers.' Similarly, you should certainly not part with your details. God forbid, if you have already been conned by the mail into sharing the information, Madhabhi has just one piece of advice: "Pick up the phone and call up the banking officer, we will take care of the rest."





She gives the instance of the latest incident. Once ICICI came to know about a mirror site, it sprung into action and the website was closed within a few hours itself, thereby limiting the damage.





How are the banks gearing up?





"The best way to fight this menace is through awareness," says Madhabhi. The private banks in India have put in processes in place to combat such crimes. The banks are also quite proactive in sending out mails and putting up advertisements on their websites. During the past week, HDFC sent mails to scores of customers warning them of the attacks.





"We are closely working with enforcement agencies like Mumbai Cyber Crime Cell to safeguard the customers," assures Ram. He also talks about various technologies that HDFC is looking at, for instance two-factor authentication, wherein there is an additional level of security involved like issuing a one-time password through and SMS, etc.





Madhabhi dittos: "We could see the adoption of biometric systems in the near future thereby reducing the threat to online bank users," she adds.





Coming back to the latest ICICI incident, the damage was quite negligent. ICICI recorded fraud transactions of Rs. 27,000, quite small considering that every month Rs. 1200 crores are transacted online.





Meanwhile, ACP Sonar at the Bandra Kurla Complex police station is working with his IT team, trying to nab the fraudsters, "Cannot share details, as it might compromise the case," is all that he will say.























































tech-news