Phishing targets banking customers in India

Phishing has been one of the most dangerous crimes affecting global cyber users for quite a few years now. Although apparently considered easy to spot, phishing scams can be rather deceptively intelligent and even the most educated and sceptical cyber users can often fall prey to the most basic phishing scams. Phishing essentially is a scam where the fraudster masquerades as a reliable source in an attempt to steal valuable confidential data i.e. passwords, credit card numbers, access codes etc. However the sheer variety of phishing methods deployed in the cyberspace has intrigued enforcement agencies and fooled users around the world. But an important platform for the phishing scam’s incredible outreach has been the alarming growth of spam or unsolicited emails. A vast majority of phishing emails are in fact unleashed indiscriminately targeting cyber users randomly but sometimes these emails are also sent to specific target databases acquired through nefarious means. However the rise of spam in the Indian cyberspace has played a dangerously direct role in the growth of phishing scams, password stealing URLs and victims in India. Most phishing scams are targeted to steal financial information or access codes to control financial data. Hence it is not surprising that the banking sector is undoubtedly one of the favourite hunting zones for scammers prowling the cyberspace. Databases of bank customers are being traded in the black market allowing phishing scammers to send more appropriate spams targeted at actual bank customers.

 

Customers usually receive an innocuous email requesting them to update their access information (password etc.) by going to the login site after clicking the URL provided in the email. As expected the URLs are spoofed links leading the innocent customers to a bogus lookalike or deceptively similar website of their banks. Whether owing to ignorance or negligence, often the customer ends up going to the malicious URL which then steals their passwords allowing scammers to log in to the customer’s actual bank account online and make money transfers  to their chosen beneficiaries. The beneficiaries chosen by these scammers are usually native citizens who are recruited to become the scammer’s money mule through simple recruitment methods including recruitment sites, newspaper adverts, online job alerts etc. The money mule or the beneficiary provides his banking details to the scammer who ends up depositing the entire phishing money into their legitimate accounts. The mules thereafter withdraw the stolen money and send it by various means to the actual beneficiaries suitably delegated by the original scammer. Unfortunately for law enforcement agencies, the only crucial link ends with these money mules who had physically received money in their accounts. However most of these money mules are being virtually operated by scammers sitting abroad and hence it becomes extremely difficult for cyber crime cells or investigating officers to collect evidence or gain anything substantial in a majority of these cases against the main perpetrators.

 

Rules to avoid bank phishing are rather simple. Banks providing online account management facilities to customers never send or request confidential data by electronic means. Customers receiving such emails must straight away delete such emails and never even bother to venture trying the sent URLs. If the customers really want to visit their online bank accounts’ login page, they should just type the URL in the Address Bar manually rather than clicking any link from an email or from a webpage. Customers should also check the SSL Security Status as all banks deploy the SSL Security System on their login webpages. Further customers should also ensure to inform their local branch about the receipt of any such emails so that the Bank can issue a general warning or notification to all its customers about any such scam which may be operating at that time.

New Cyber Fraud Hits India – “Online Journal Publishing Scam”

The cyberspace is increasingly becoming like a world where you spend more time avoiding frauds, scams and malicious attacks rather than actually using the space for something creative. Cyberspace is already crawling with millions of malware like viruses, worms, Trojans and spyware; hackers are attacking computers to create large botnets of compromised zombie computers and scammers spending their evil brain cells on designing effective scams through phishing, pharming, money mule or even the hopelessly simple yet effective advance fee fraud (419 Fraud). Whether it is a new type of cyber fraud or an old fraud with a twist, cyberspace is a dangerous place for those oblivious or unaware of its diabolical facade. For those who have been keeping themselves updated about the various tricks unleashed by cyber criminals, be surprised as a new scam seems to have hit town and is quite frankly deceptively dangerous. The “journal publishing scam” (as I would like to call it) is a fraud aimed at primarily the lecturers, professors, readers or researchers who like getting their creative writing and thoughts published in various online journals and e-magazines. Even students looking to debut on their publishing efforts and needing a viable space to pen their intellect in order to glamorise their CVs and profiles are an easy target of this shameless scam.

 

So what is the online journal publishing scam all about? Well the whole thing starts with the set up of a website designed as a popular journal publishing site with journals available in a wide variety of areas including science, technology, law, medicine or anything creative and believable. The scammers put up their site along with links to description of each and every claimed journal and even go to the extent of providing an Editorial Board filled with representatives from across the world. As expected the fictitious Board Members are ofcourse made to look like they have seriously academic profiles with little room for doubting their genius. Nothing in these sites look apparently suspicious and information about these alleged journals look almost believable for anyone looking to seriously publish their work. This scam is perhaps aimed more at those individuals who have little or non existent knowledge about publishing online as a frequent publisher would perhaps be able to sniff out the scam. In reality there is neither a publishing team nor editorial board and most frankly the senders of the email have also never published any online journal or magazine. The claim on their sites is usually that they are a charitable organization with no sponsors and hardly any revenue. They sustain themselves on a meagre amount of “Handling Fee” that is to be sent by those authors who are allowed to publish their work by the Editorial Team. Emails are sent to the possible targets requesting the recipients to submit articles for publishing. The emails contain links to their site and a number of email addresses where the articles or white papers can be submitted for perusal and scrutiny. Although initial emails never mention the dangerous “handling fee”, the websites will inadvertently mention this in a naive and innocent manner hoping to lure oblivious and budding writers. For those who mistakenly send their articles receive a confirmation from the Board informing them that their articles or papers have been accepted for submission and that a “handling fee” must be paid by the successful author in order for the paper to be published. Authors who have probably already been lured into this scam end up paying the small amounts hoping to see their writing online in the chosen journals. Money gets transferred and the scam is complete. I dont think I need to expressly mention here but nonetheless I will state that ofcourse the journals (or the articles) never get published. As far as hitting the database for potential victims are concerned, I guess that they are targetting academic organizations (with email addresses), professors or lecturers (with direct email contact available online) or even students going through online advertisements in order to publish their work somewhere. As far as the scam is concerned, it is designed for specific target populations and hence not expected to get major returns for the scammers unlike the popular and very obvious 419 frauds or advance fee frauds reaching millions of email users everyday. Email users are becoming increasingly aware of the scam techniques and methods and hence it is only natural that the perpetrators are coming up with new ideas. Although the new journal publishing scam may not be churning out billions of dollars, it surely has the potential to rake in quite a signficant amount considering the number of people who are looking for options to publish online.

 

The golden rule of almost any form of the Advance Fee or 419 Fraud is that there is always undoubtedly a request for a small payment irrespective of the jargon used whether “processing fee” or “handling fee” or “commission” or even “bank transfer charges”. So beware the next time an email crops up in the inbox or the junk folder inviting article submissions for academic journals online. Frankly any reputed or credible online publishing journals will never be sending unsolicited emails randomly to users across the world inviting article submissions.

India at No.4 among Top Countries with Internet Users

India is at No. 4 among the Top20 countries with the highest number of Internet users in the world. World Internet User Statisticsupdated till 31st March 2009 puts India at an enviable fourth position behind China (1st), USA (2nd) and Japan (3rd). With an Internet population of almost 81 Million users and the exponential growth of broadband facilities in the country combined with the affordable tariff rates makes it look like India may well reach the TOP2 very soon. In Asia alone, India is at No. 3 just behind China andJapan. Although India with 81 Million users is just a little behind Japan (94 Million), the gap between China and the rest of the Asian countries is quite massive with the Chinese Internet population alone standing at a staggering 298 Million. China is currently the world’s top country for highest Internet users with US trailing behind with 227.2 Million users.

 

Although Internet user statistics look quite promising for the Indian cyberspace, the dampner comes in the form of statistics for Internet penetration in the country which looks quite abysmal at a lowly 7.1% compared to China (22.4%) andJapan (73.8%). However these Internet penetration statistics are not that surprising considering India’s population (1,147,995,898) is only behind that of China (1,330,044,605). But with the major attempts by Internet Service Providers in India to provide competitive tariffs, India’s Internet may well reach further than it ever has in the next few years.  There is a definite requirement to stress on ensuring a competitive and comprehensive digital infrastructure.

Statistics available from www.internetworldstats.com

Cybersquatters increase in India

Yes you read the title right. Cybersquatters have probably increased in India if the statistics of World Intellectual Property Organization are only to go by.

 

Cybersquatting or domain name registrations with malicious intent has been a problem of the cyberspace for quite a long time now. The WIPO Arbitration Panels have been dealing with thousands of international domain name disputes with involved parties being from varied legal jurisdictions. Cybersquatting has also been a concern for Indian businesses as several “bad faith” registrations have occurred over the last eight or nine years but the Indian courts have in most occasions thwarted the illicit intentions of the registrant. Even the Hon’ble Supreme Court of India has delivered its first and only cyber law judgement in 2004 in the landmark domain name dispute case of  Satyam Infoway Ltd. v. Siffynet Solutions Pvt. Ltd.wherein it was held that domain names should be accorded similar protection as those available to trademarks under the Indian trademark laws. There have been plenty of such cybersquatting cases across India and some of the most notable ones include Yahoo Inc. v. Akash Arora & Anr. in 1999, Rediff Communication Ltd. v. Cyberbooth & Anr. (famous as the Rediff Radiff dispute) in 2000, Dr. Reddy’s Laboratories Ltd. v. Manu Kosuri in 2001, Info Edge (India) Pvt. Ltd. & Anr. v. Shailesh Gupta & Anr. (famous as the Naukri.com & Naukari.com dispute) in 2002 among many others. The effective response of the Indian courts against cybersquatters has prompted trademark owners to report malicious registrations and accordingly redress their grievances quickly in the courts. Where Indian complainants have failed to find an Indian court of competent jurisdiction they have effectively approached the WIPO to beat domain abusers to a meek surrender. It may not be known by many but India’s first case on cybersquatting to be decided by a WIPO Panel was the complaint brought by Bennett Coleman & Co. Ltd. (publisher of the popular news publications “The Economic Times” and “The Times of India”) against Steven S. Lalwani to challenge the latter’s “bad faith” registration of domain names including “theeconomictimes.com” and “thetimesofindia.com” to take online advantage of the reputation and goodwill of both the renowned publications. Ultimately Bennett Coleman & Co. Ltd. won and the infringing domain names were transferred to them. Since then WIPO has received several complaints from Indian trademark owners who have chosen to fight domain name abusers and infringers by approaching the Panel to effect the appropriate domain transfers.

 

WIPO statistics reveal that it had received as many as 45 complaints from India in 2000 regarding “bad faith” domain registrations made by potential cybersquatters. Over the last 9 years the number of complaints have definitely reduced to as little as 17* in 2008 and the overall total complaints received at WIPO from Indian complainants since 2000 stands at 148*. But an alarming reverse trend has been the number of cybersquatting complaints made against registrants from India. The number of complaints against Indian registrants has steadily increased since 2000 and in 2008 as many as 64* complaints (highest since 2000) were registered against Indian entities for having allegedly made “bad faith” registrations. The total number of complaints received at WIPO against Indian registrants since 2000 stands at a surprising 237*. This reverse trend coming out in cybersquatting as far as Indian registrants are concerned (if WIPO statistics are only to go by) has triggered a possible opinion that the number of the so-called “cybersquatters” are perhaps emerging more within the country. And very recently Google (one of the most popular Internet companies in the world) complained to the WIPO against two Indian entities for malicious “bad faith” domain registrations. WIPO found bad faith and deceptive usage on the part of both the Indian entities to confuse Internet users and accordingly transferred the domain names “googlehrd.com” and “mygooglemoney.com” used by Kolkata-based Ascio Technologies Inc and Net Jobs of Rajasthan to Google.

 

However despite the evidence provided above, the overall opinion that “cybersquatters are increasing in India” could be a little over simplistic just because of the fact that the statistics incorporated are the ones only reported in WIPO, however the examination and analysis of also the cases registered in Indian courts on domain disputes in the recent years would probably give us a more balanced view of whether the “cybersquatters” have increased in India or whether the cybersquatting incidents targeting Indian trademark owners have also accordingly increased by a large proportion thus rendering the opinion a little too biased and imbalanced. Another factor that needs to be incorporated and evaluated in the present context is that there is also a large increase in the number of domain name registrations being made by Indian registrants. With Internet usage (including broadband availability) increasing dramatically over the last few years and more businesses choosing to adopt an online presence, it will be easier to state that the statistics seem to be swaying one way because of the definite increase of registrations in India.

 

Irrespective of whatever the final report is in this debate about the numbers related to “Cybersquatters v. Victim Trademark Owners” in India, the obvious point is that cybersquatting (domain name disputes) are here to stay and intellectual property owners in India need to be even more vigilant to ensure that their valuable and expensive IP is not being easily infringed upon and maliciously exploited in the virtual world. To make matters worse, cyber abusers of IP are not just limiting themselves to domain registrations but are also trying to misuse online platforms like “keyword linked advertising” to direct unsuspecting traffic towards their deceptively similar online destinations.

 

– Misum Hossain,  Global School of Tech Juris

Email Virus ratio highest in India

Email viruses are increasing alarmingly in India. According to Messagelabs Intelligence Reports, global ratio of email-borne viruses in email traffic seem to be getting less intense as compared to the statistics available since 2005.  The February 2009 global ratio indicates that 1 in 304.9 emails (0.33%) are spam mails which is roughly a decrease of 0.06% since January 2009 and if compared to the 2005 stats the situation seems much better as the global ratio then was at an alarming rate of 1 in 12.9 emails being spam mails. However the news is not all that good for Indian cyber users considering the results of the virus rate charts for worst affected geographical locations published by Messagelabs Report for February 2009. Virus activity in India reportedly has arisen by 0.16% amounting to 1 in 197.4 emails thus catapulting India to the No. 1 position for most virus activity in the world for the month of February 2009. The Report puts Germany, United Kingdom, Canada and Hong Kong behind India as the Top 5 Geographies for virus rates globally.

 

This is concerning news for online users in India where the country’s Internet population is growing at a rapid rate with broadband Internet reaching large populations and Internet Service Providers coming out with more economic and affordable tariffs. World statistics on Internet usage (Internetworldstats) for 2008 suggest that India is No. 4 among the Top 20 Countries for highest number of Internet users. China, USA and Japan occupy the first three positions respectively in the table.

 

With spammers and virus originators targeting the Indian cyberspace more than ever before it needs to be seen how the recent changes in the cyber laws of the country help fight this growing menace. The Information Technology Act amendments, although has supporters and detractors on equal measure, is yet to be notified and only time will tell whether the current Indian cyber laws help deter this alarming influx of spam and viruses into the country.

 

There is  no question however that Internet population in the country is only going to grow larger and hence awareness about cyber security, privacy and laws for Internet users need to be highly prioritised. With knowledge about cyber crime prevention and data protection made more readily available, cyber users in the country will probably get more equipped to counter modern abuses like phishing, spam, advance fee frauds, malware attacks and other cyber scams operating extensively on the web.

Cyber Civil Liabilities in Eastern India

It has been almost eight and a half years since the inception of  the Indian cyber laws in the form of “The Information Technology Act, 2000” but the implementation or use of the statute’s provisions related to cyber civil liabilities seems to have never even been considered significant enough whether by individual clients or even corporate entities in the eastern part of India (specifically Kolkata). Ordinary civil courts are barred from having any jurisdiction in matters pertaining to The IT Act thereby making the roles of the Adjudicating Officer as well as the Cyber Tribunal (Delhi) much more emphatic. However unfortunately, the city of Kolkata has hardly seen any matters reaching the Adjudicating Officer.

 

The IT Act enumerates the various civil liabilities under Chapter IX of the statute including provisions related to unauthorized access, introduction of contaminants, copying, downloading, damage, disruption, denial of access and provides the possibility of the victim receiving a maximum compensation of upto Rs. One Crore. It is strangely surprising that a major city like Kolkata has hardly got any matters registered with the Adjudicating Officer and if records are to go by, currently there seems to be not even a single matter before the AO. This may lead many to come to the hasty conclusion that cyber crimes have not reached the cyber horizon of the city’s large database of Internet users, but this would be an erroneous assessment if only relied upon records.

 

The fact is Kolkata does have its fair share of cyber crimes and abuse and Cyber Crime Cells of the city are having to investigate several matters as we speak. But what needs to be realised is that perhaps the existence of the cyber civil liabilities provides an easier opportunity for victims to get compensation as the “Penalties” provisions completely undermine the requirement of any knowledge or intention. Thus the occurence of any event as described under the various sub-sections of Section 43 would prima facie entitle the victim to a possible compensation, although the said is entirely dependent on the Adjudicating Officer who has to assess the compensation on various factors as mentioned in the statute. The civil liability provisions should be seen as a convenient redressal opportunity for those city businesses who seem to get periodically affected by nuisances such as cyber trespass or unauthorised access, introduction of malicious programs, damages or disruption to computers, access denial instances and such other scenarios. The forum is available for them to approach and try for a legitimate compensation under the Act, however unfortunately this forum continues to be ignored and undermined. It is not that the city’s young breed of professionals are not aware of cyber laws and such related provisions as my personal experience tells me that a large number of the young graduates today are cyber savvy and more aware bout technology related laws than many give them credit for. Although a very personal opinion, but I can argue that the city’s lack of cyber civil matters owes more to the lack of awareness among victims of the available grievance redressal forum that exists for them to easily access.

Being the promoter and supporter of cyber laws in Kolkata, I hope that I will be able to actively bring this issue up for discussions on important platforms including symposiums, conferences and workshops that will be hosted by Global School of Tech Juris in the near future. I am certain that the right amount of awareness among the city netizens will bring about a positive change thus opening the doors to cyber civil matters which will ensure that citizens are not only able to use this forum to redress their grievances but also that the budding legal professionals will be able to give this area a serious thought.