Phishing targets banking customers in India

Phishing has been one of the most dangerous crimes affecting cyber users worldwide for quite a few years now. Although phishing scams are widely considered easy to spot, they can be deceptively sophisticated, and even the most educated and sceptical users often fall prey to the most basic ones. Phishing is essentially a scam in which the fraudster masquerades as a reliable source in an attempt to steal valuable confidential data such as passwords, credit card numbers and access codes. The sheer variety of phishing methods deployed in cyberspace has intrigued enforcement agencies and fooled users around the world. An important platform for the phishing scam’s incredible reach has been the alarming growth of spam, or unsolicited email. The vast majority of phishing emails are sent out indiscriminately to random users, but sometimes they are sent to specific target databases acquired through nefarious means. The rise of spam in Indian cyberspace has played a dangerously direct role in the growth of phishing scams, password-stealing URLs and victims in India. Most phishing scams aim to steal financial information or the access codes that control financial data. Hence it is not surprising that the banking sector is one of the favourite hunting grounds for scammers prowling cyberspace. Databases of bank customers are traded on the black market, allowing phishing scammers to send better-targeted spam to actual bank customers.

Customers usually receive an innocuous-looking email asking them to update their access information (password etc.) by clicking the URL provided in the email and going to the login site. As expected, the URLs are spoofed links that lead innocent customers to a bogus lookalike, or deceptively similar, copy of their bank’s website. Whether owing to ignorance or negligence, the customer often ends up visiting the malicious URL, which steals their password and allows the scammers to log in to the customer’s actual bank account online and make money transfers to beneficiaries of their choosing. These beneficiaries are usually native citizens recruited as the scammer’s money mules through simple methods including recruitment sites, newspaper adverts, online job alerts etc. The money mule provides their banking details to the scammer, who deposits the entire proceeds of the phishing into the mule’s legitimate account. The mule then withdraws the stolen money and sends it by various means to the actual beneficiaries designated by the original scammer. Unfortunately for law enforcement agencies, the trail ends with these money mules, who physically received the money in their accounts. Most of these money mules are operated remotely by scammers sitting abroad, and hence it becomes extremely difficult for cyber crime cells or investigating officers to collect evidence or gain anything substantial against the main perpetrators in a majority of these cases.

The rules for avoiding bank phishing are rather simple. Banks that provide online account management facilities never send or request confidential data by electronic means. Customers who receive such emails should delete them straight away and never try the URLs they contain. Customers who really want to visit their bank’s online login page should type the URL into the address bar manually rather than clicking a link in an email or on a webpage. Customers should also check the SSL security status of the page, as all banks deploy SSL on their login webpages. Further, customers should inform their local branch about the receipt of any such email so that the bank can issue a general warning or notification to all its customers about any such scam that may be operating at the time.
