India very much home to phishing websites

CIOL Bureau

BANGALORE, INDIA: Phishing has reached alarming proportions in recent months. Beyond siphoning funds from gullible bank customers, phishers today show no remorse even in decamping with donations meant for earthquake and tsunami victims.

In the first half of 2007, 196,860 unique phishing messages worldwide were detected by the Symantec Probe Network. This is an 18 percent increase over the last six months of 2006, and equates to an average of 1,088 unique phishing messages daily, for the first half of 2007.

In an interaction with CIOL, Vishal Dhupar, MD, Symantec India, explains the way phishers operate across the globe. He also demystifies the new and innovative ways deployed by ‘phishers’ to attack and steal confidential information from unsuspecting victims.

Dhupar also shares tips for users to avoid falling into the phishers' trap and, for those who have already fallen, ways to minimize the loss. Excerpts:

CIOL: How does one define phishing? What construes a phishing attack? Also, what is whaling and how different is whaling from phishing?

Vishal Dhupar: Phishing is an attempt by a third party to solicit confidential information from an individual, group, or organisation, often for financial gain. Phishers are groups or individuals who attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information. They may then use the information to commit fraudulent acts.

CIOL: How many phishing attacks has Symantec recorded in the last year? A brief history of when and where phishing started will be appreciated. Please explain the business model, if I may say, of phishing. How do phishers benefit from such attacks?

VD: As mentioned earlier, phishers attack to trick users into disclosing personal data, such as credit card number, online banking credentials, and other sensitive issues. Phishers benefit heavily on the financial front. Today, no person attacks for ‘fame’ but for ‘fortune’.

CIOL: What sort of trends do you see in phishing attacks over the years, like phishing attacks getting more targeted at the individual, company or small group level?

VD: Phishing as a cyber crime came into the spotlight in the early years of the 21st century. Every year, experts at the security response labs at Symantec discover the new and innovative ways deployed by ‘phishers’ to attack and steal confidential information from unsuspecting victims, resulting in financial gain.

Phishing attacks were not just a global phenomenon but were very much in the news closer to home in India as well. As per the Internet Security Threat Report released by Symantec in India on April 16, 2008, India was the fourteenth ranked country worldwide that hosts phishing websites. Mumbai ranked highest in India in terms of phishing sites with 38 percent. Following in second position in this ranking is New Delhi with 29 percent, followed by Bangalore and Chennai with 12 percent each.

In the first half of 2007, the Symantec Probe Network detected a total of 196,860 unique phishing messages worldwide, an 18 percent increase over the last six months of 2006. This equates to an average of 1,088 unique phishing messages per day for the first half of 2007.

One of the most notable trends observed in phishing last year was the rise of attacks on the financial sector including banks, financial institutions, etc.

According to the Symantec Internet Security Threat Report, most of the organizations whose brands were used in phishing attacks in the first six months of 2007 were part of the financial services sector.

Organizations in that sector accounted for 79 percent of the brands that were used for phishing during this period. In 2008, experts at Symantec expect bots to diversify and evolve in their behavior with phishing sites hosted by bot zombies developing.

CIOL: What should a user do to avoid falling for a phishing scam and, if he has already fallen, how can he minimise his loss?

VD: Listed here are some security best practices recommended to consumers for stopping a phishing attack:

* Be wary of email asking for confidential information—especially of a financial nature. If you receive this kind of request, call to confirm the sender's identity and the validity of their request.

* Don't be pressured into divulging information. Phishers use scare tactics, employing urgent language to pressure you into submitting confidential data. They may threaten to disable an account or delay services until you update certain information. Contact the merchant who sent the email to confirm its authenticity.

* Watch out for generic-looking requests for information. Fraudulent emails are rarely personalized. Emails from your bank or ISP should directly address you or your account—confirm the authenticity of any suspicious request before responding.

* If a suspicious email contains a URL, don't click on it. Instead, navigate to the Web site by typing the URL directly into the address bar of your browser.

* Never submit confidential information via forms embedded within email messages. Instead, communicate that information over the phone or through a secure Web site.

* When submitting confidential information over the Internet, verify the site is secure. Just because the site's address begins with https doesn't necessarily mean the site is secure. Phishers may use URL masking techniques to mimic the secure address of an authentic company. Before submitting your information, confirm the URL's authenticity by clicking on your browser's "locked" symbol.

* Monitor your online accounts. Make sure all transactions are valid. If they aren't, contact your bank or credit card company immediately.

* Keep your browser and operating system up to date. Check regularly for patches and upgrades.

* Lock down your computer with protection tools. Updated security tools reduce your exposure to spam-based phishing scams and protect against viruses and other blended threats.
