Phishing targets banking customers in India

Phishing has been one of the most dangerous crimes affecting global cyber users for quite a few years now. Although apparently considered easy to spot, phishing scams can be rather deceptively intelligent and even the most educated and sceptical cyber users can often fall prey to the most basic phishing scams. Phishing essentially is a scam where the fraudster masquerades as a reliable source in an attempt to steal valuable confidential data i.e. passwords, credit card numbers, access codes etc. However the sheer variety of phishing methods deployed in the cyberspace has intrigued enforcement agencies and fooled users around the world. But an important platform for the phishing scam’s incredible outreach has been the alarming growth of spam or unsolicited emails. A vast majority of phishing emails are in fact unleashed indiscriminately targeting cyber users randomly but sometimes these emails are also sent to specific target databases acquired through nefarious means. However the rise of spam in the Indian cyberspace has played a dangerously direct role in the growth of phishing scams, password stealing URLs and victims in India. Most phishing scams are targeted to steal financial information or access codes to control financial data. Hence it is not surprising that the banking sector is undoubtedly one of the favourite hunting zones for scammers prowling the cyberspace. Databases of bank customers are being traded in the black market allowing phishing scammers to send more appropriate spams targeted at actual bank customers.

 

Customers usually receive an innocuous email requesting them to update their access information (password etc.) by going to the login site after clicking the URL provided in the email. As expected the URLs are spoofed links leading the innocent customers to a bogus lookalike or deceptively similar website of their banks. Whether owing to ignorance or negligence, often the customer ends up going to the malicious URL which then steals their passwords allowing scammers to log in to the customer’s actual bank account online and make money transfers  to their chosen beneficiaries. The beneficiaries chosen by these scammers are usually native citizens who are recruited to become the scammer’s money mule through simple recruitment methods including recruitment sites, newspaper adverts, online job alerts etc. The money mule or the beneficiary provides his banking details to the scammer who ends up depositing the entire phishing money into their legitimate accounts. The mules thereafter withdraw the stolen money and send it by various means to the actual beneficiaries suitably delegated by the original scammer. Unfortunately for law enforcement agencies, the only crucial link ends with these money mules who had physically received money in their accounts. However most of these money mules are being virtually operated by scammers sitting abroad and hence it becomes extremely difficult for cyber crime cells or investigating officers to collect evidence or gain anything substantial in a majority of these cases against the main perpetrators.

 

Rules to avoid bank phishing are rather simple. Banks providing online account management facilities to customers never send or request confidential data by electronic means. Customers receiving such emails must straight away delete such emails and never even bother to venture trying the sent URLs. If the customers really want to visit their online bank accounts’ login page, they should just type the URL in the Address Bar manually rather than clicking any link from an email or from a webpage. Customers should also check the SSL Security Status as all banks deploy the SSL Security System on their login webpages. Further customers should also ensure to inform their local branch about the receipt of any such emails so that the Bank can issue a general warning or notification to all its customers about any such scam which may be operating at that time.

Advertisements

Phishing and Hacking target Facebook

Social networking sites have played a significant role in the lives of many everyday Internet users by providing an enjoyable and interactive platform to keep in touch with friends, colleagues, family or share images and videos. And as every good thing on the Internet that gains any popularity it often also ends up getting the attention of the wrong kind.

For the avid fans of social networking sites like Facebook, there is bad news. 

News reports reveal that hackers have found some vulnerability in the message service and are targetting innocent Facebook subscribers with unsolicited messages. The phishing attacks are engineered carefully as unsuspecting users get strange messages from their own Facebook contacts.  The messages are mostly requesting innocent users to simply go to specific websites and unfortunately quite a number of the recipients have indeed ventured into typing these URLs in their web browsers. Some of these sites are designed to look like Facebook requesting login information and as soon as the user types in the confidential data, the information is captured by the phishing sites. Some other sites are simply downloading malware into the computers of surfers aiming to capture private and confidential data like passwords, credit card details etc. Most of these suspicious inbox messages are requesting users to go to strange URLs some ending with .be . A commonality of all these unauthorised messages is that they are being sent as bulk messages to many contacts of a target profile.

 

How to avoid these attacks? Well if you are a Facebook user, there is no way you can avoid getting these messages although you definitely have the choice of not falling for them. So if you receive a message from a known Contact requesting you to go to a particular website or URL without specifically explaining the reason, just be careful. A simple way to avoid falling for this bait is to message the Contact from whom you have allegedly received the message  and query as to whether and why the URL was sent in the first place. I am sure if your Contacts want to share a particular URL, they will most definitely tell you the reason in the message itself. So Facebook users, tread with caution!

Email Virus ratio highest in India

Email viruses are increasing alarmingly in India. According to Messagelabs Intelligence Reports, global ratio of email-borne viruses in email traffic seem to be getting less intense as compared to the statistics available since 2005.  The February 2009 global ratio indicates that 1 in 304.9 emails (0.33%) are spam mails which is roughly a decrease of 0.06% since January 2009 and if compared to the 2005 stats the situation seems much better as the global ratio then was at an alarming rate of 1 in 12.9 emails being spam mails. However the news is not all that good for Indian cyber users considering the results of the virus rate charts for worst affected geographical locations published by Messagelabs Report for February 2009. Virus activity in India reportedly has arisen by 0.16% amounting to 1 in 197.4 emails thus catapulting India to the No. 1 position for most virus activity in the world for the month of February 2009. The Report puts Germany, United Kingdom, Canada and Hong Kong behind India as the Top 5 Geographies for virus rates globally.

 

This is concerning news for online users in India where the country’s Internet population is growing at a rapid rate with broadband Internet reaching large populations and Internet Service Providers coming out with more economic and affordable tariffs. World statistics on Internet usage (Internetworldstats) for 2008 suggest that India is No. 4 among the Top 20 Countries for highest number of Internet users. China, USA and Japan occupy the first three positions respectively in the table.

 

With spammers and virus originators targeting the Indian cyberspace more than ever before it needs to be seen how the recent changes in the cyber laws of the country help fight this growing menace. The Information Technology Act amendments, although has supporters and detractors on equal measure, is yet to be notified and only time will tell whether the current Indian cyber laws help deter this alarming influx of spam and viruses into the country.

 

There is  no question however that Internet population in the country is only going to grow larger and hence awareness about cyber security, privacy and laws for Internet users need to be highly prioritised. With knowledge about cyber crime prevention and data protection made more readily available, cyber users in the country will probably get more equipped to counter modern abuses like phishing, spam, advance fee frauds, malware attacks and other cyber scams operating extensively on the web.