Shashwat Chaturvedi
Finally, the fraud sharks of the cyber space have started phishing in Indian
waters.
The last few days have been quite eventful for Internet banking users in
India: First there were reports of bank customers being sent email by
fraudsters, asking them to part with their personal details.
And then ICICI Bank's net banking website was cloned, the duplicate website
was a complete replicate of the original and intend to beguile account holders
into divulging their user ID and password.
After receiving complain from an alert customer, ICICI got into action and
the website was clamped down before it could do cause significant damage.
What is Phishing?
Wikipedia defines phishing as “a form of social engineering, characterized
by attempts to fraudulently acquire sensitive information, such as passwords and
credit card details, by masquerading as a trustworthy person or business in an
apparently official electronic communication, such as an email or an instant
message.”
Thus emails asking for sensitive information are all sophisticated 'baits' to
'fish' for an unaware user. Madhabhi Puri Buch, senior general manager, ICICI
Bank, underlines the fact that banks never solicit information over the email,
so whosoever do, are simply trying to make a fast (read easy) buck.
Once, these fraudsters have the relevant information, there is no limit to
what damage they may cause (though, the most usual thing is to just empty your
account). They could create fake cards (debit & credit), use your ebay
accounts for bidding, etc.
Where does it happen?
Everywhere, so long as there is a computer connected to the Internet. C.N.
Ram, head (IT), HDFC Bank, says, “It is quite common across the world. First,
we had mails from so-called Nigerian bank officers, offering millions of
dollars; now there are mails trying to extract consumer details. The difference
being, in the past the mails were direct and threatening, i.e., your account
will be closed, etc. Now, they are more subtle and sophisticated.”
Every month thousands of such incidents are reported, according to the Anti-Phishing
Working Group's website, the figures for India have increased over the past
week, with the percentage points going a shade up to 2.36% last week from 1.35%
in the previous weeks.
But, Madhabhi reassures that phishing is not such a danger, as Internet users
seem to be well aware of the machinations of the dirty group.
Who is susceptible?
Simply put, YOU! The good news is that you do not have to fret as long as you
follow some simple ground rules. There are many ways in which these fraudsters
find out your email account addresses. More often than not, it is a random
exercise, sending these hoax mails to thousands of customers from the databases
available in the market for a small price. “There are many ways in which your
email ID is compromised. When you register at some websites or the different
forums, etc., it is quite easy for these people to get the email Ids and then it
is just a matter of chance,” says Ram.
Remember what mummy said
In case, you get a mail from the bank or any other financial institutions
asking for account information, there are two things that Ram advises, just
press Delete or call up the bank.
Remember what mummy told you when you were a kid, 'never talk to strangers.'
Similarly, you should certainly not part with your details. God forbid, if you
have already been conned by the mail into sharing the information, Madhabhi has
just one piece of advice: “Pick up the phone and call up the banking officer,
we will take care of the rest.”
She gives the instance of the latest incident. Once ICICI came to know about
a mirror site, it sprung into action and the website was closed within a few
hours itself, thereby limiting the damage.
How are the banks gearing up?
“The best way to fight this menace is through awareness,” says Madhabhi.
The private banks in India have put in processes in place to combat such crimes.
The banks are also quite proactive in sending out mails and putting up
advertisements on their websites. During the past week, HDFC sent mails to
scores of customers warning them of the attacks.
“We are closely working with enforcement agencies like Mumbai Cyber Crime
Cell to safeguard the customers,” assures Ram. He also talks about various
technologies that HDFC is looking at, for instance two-factor authentication,
wherein there is an additional level of security involved like issuing a
one-time password through and SMS, etc.
Madhabhi dittos: “We could see the adoption of biometric systems in the
near future thereby reducing the threat to online bank users,” she adds.
Coming back to the latest ICICI incident, the damage was quite negligent.
ICICI recorded fraud transactions of Rs. 27,000, quite small considering that
every month Rs. 1200 crores are transacted online.
Meanwhile, ACP Sonar at the Bandra Kurla Complex police station is working
with his IT team, trying to nab the fraudsters, “Cannot share details, as it
might compromise the case,” is all that he will say.