India is the 14th ranked country worldwide that hosts phishing websites. Leading banks and their clients have been targeted over the past year. Lack of awareness among Indian net banking users has made phishing successful in India.
PHISHING ATTACKS are no longer just a global phenomenon, but very much in the news closer to home in India as well. As per the Internet Security Threat Report released by Symantec in India on April 16, 2008, India is the 14th ranked country worldwide that hosts phishing websites. Mumbai ranks highest in India for phishing sites with 38 per cent, followed by Delhi with 29 per cent and Bangalore and Chennai with 12 per cent each. Phishing has reached an alarming magnitude in recent months. From siphoning off the funds of innocent bank customers, phishers today have also started looting donations meant for earthquake and tsunami victims.
The scam is called phishing because it is like fishing: fishing for your password, with bait thrown out in the hope that someone will be tempted into biting. Phishing is the practice of scamsters setting up bogus websites that look like those of genuine banks, financial institutions and retailers like Amazon, eBay and PayPal, in an attempt to trick consumers into giving up their credit card numbers. These criminals typically spam out authentic-looking e-mails with duplicate addresses that seem to come from banks, credit card companies or online retailers. They pose as customer service representatives and request the recipient's online password, which they then use to obtain the credit card numbers. The e-mail subject headers warn the recipient of a problem with their account, and the e-mail contains either a form to fill out with personal information or a link to the crook's phoney website.
Phishing has become a serious problem in India. Leading banks, or rather their clients, have been targeted over the past year. Lack of awareness among Indian net banking users about such fraudulent practices has made phishing successful in India. With the success rate being high, phishing attacks have multiplied and become more sophisticated. However, many of these frauds don't get publicised, as many banks don't want to jeopardise their brand image and customer loyalty. In May 2006, hoax mails were sent to internet banking account holders of ICICI Bank asking for their internet banking login ID and password. ICICI Bank got into action immediately and sent out warning mails to all customers asking them to ignore the mail. Subsequently, HDFC Bank and Citigroup too were targeted. Now most banks have security teams working to stay one step ahead of these fraudsters.
In Chennai, a couple of days back, phishers struck a senior citizen, and a retired bank manager at that. NV Srinivasan, a 72-year-old bank official, was relieved of his lifetime savings of Rs 21 lakh after he unintentionally gave away details of his bank account by opening a phishing mail sent to him in the name of Punjab National Bank. The mail asked him to update his personal details by clicking a link given in it, to make the bank account more secure. Srinivasan found his net banking facility blocked moments after he replied to the mail. He did not realise the extent of the fraud. “He then sent a mail to Neelam Singh, a person named as the signatory and security head of the Punjab National Bank in the phishing mail. When he did not get a reply to the mail, Srinivasan went and checked with the bank, only to find that Rs 21 lakh had been withdrawn from his account,” a CCB official said. Initial investigation by the CCB bank fraud wing and the cyber crime cell has revealed that a woman had withdrawn the amount from an ICICI Bank branch in Mumbai.
Better awareness should be created among people transacting through net banking. People getting such mails should immediately check with the bank concerned. Before performing any banking transactions through the net, follow the instructions provided by the bank and look for security emblems and marks on the bank's home page.
It should also be noted that banks never contact customers by e-mail asking for a password or any other sensitive information. Most important, never ever follow a link in an e-mail. Instead, type the company's URL directly into the address bar of your browser and log on from there, or call the company directly.
Look for the padlock icon in the browser's toolbar, which signifies a secure site, and confirm that the URL shown in the address bar is the authentic one. Never use the same password for all of your online accounts, and never store online account information and passwords in files on your computer. Monitor your online accounts and make sure all transactions are valid. Never send personal or financial information to anyone via e-mail.
Awareness and knowledge are still the most efficient protection against internet fraud. There are several websites and anti-phishing working groups dedicated to giving free education regarding internet fraud. Beat the phishers and do not bite the bait of these online 'phishers' angling for account information!