Phishing targets banking customers in India

Phishing has been one of the most dangerous crimes affecting global cyber users for quite a few years now. Although apparently considered easy to spot, phishing scams can be rather deceptively intelligent and even the most educated and sceptical cyber users can often fall prey to the most basic phishing scams. Phishing essentially is a scam where the fraudster masquerades as a reliable source in an attempt to steal valuable confidential data i.e. passwords, credit card numbers, access codes etc. However the sheer variety of phishing methods deployed in the cyberspace has intrigued enforcement agencies and fooled users around the world. But an important platform for the phishing scam’s incredible outreach has been the alarming growth of spam or unsolicited emails. A vast majority of phishing emails are in fact unleashed indiscriminately targeting cyber users randomly but sometimes these emails are also sent to specific target databases acquired through nefarious means. However the rise of spam in the Indian cyberspace has played a dangerously direct role in the growth of phishing scams, password stealing URLs and victims in India. Most phishing scams are targeted to steal financial information or access codes to control financial data. Hence it is not surprising that the banking sector is undoubtedly one of the favourite hunting zones for scammers prowling the cyberspace. Databases of bank customers are being traded in the black market allowing phishing scammers to send more appropriate spams targeted at actual bank customers.

 

Customers usually receive an innocuous email requesting them to update their access information (password etc.) by going to the login site after clicking the URL provided in the email. As expected the URLs are spoofed links leading the innocent customers to a bogus lookalike or deceptively similar website of their banks. Whether owing to ignorance or negligence, often the customer ends up going to the malicious URL which then steals their passwords allowing scammers to log in to the customer’s actual bank account online and make money transfers  to their chosen beneficiaries. The beneficiaries chosen by these scammers are usually native citizens who are recruited to become the scammer’s money mule through simple recruitment methods including recruitment sites, newspaper adverts, online job alerts etc. The money mule or the beneficiary provides his banking details to the scammer who ends up depositing the entire phishing money into their legitimate accounts. The mules thereafter withdraw the stolen money and send it by various means to the actual beneficiaries suitably delegated by the original scammer. Unfortunately for law enforcement agencies, the only crucial link ends with these money mules who had physically received money in their accounts. However most of these money mules are being virtually operated by scammers sitting abroad and hence it becomes extremely difficult for cyber crime cells or investigating officers to collect evidence or gain anything substantial in a majority of these cases against the main perpetrators.

 

Rules to avoid bank phishing are rather simple. Banks providing online account management facilities to customers never send or request confidential data by electronic means. Customers receiving such emails must straight away delete such emails and never even bother to venture trying the sent URLs. If the customers really want to visit their online bank accounts’ login page, they should just type the URL in the Address Bar manually rather than clicking any link from an email or from a webpage. Customers should also check the SSL Security Status as all banks deploy the SSL Security System on their login webpages. Further customers should also ensure to inform their local branch about the receipt of any such emails so that the Bank can issue a general warning or notification to all its customers about any such scam which may be operating at that time.

Advertisements

New Cyber Fraud Hits India – “Online Journal Publishing Scam”

The cyberspace is increasingly becoming like a world where you spend more time avoiding frauds, scams and malicious attacks rather than actually using the space for something creative. Cyberspace is already crawling with millions of malware like viruses, worms, Trojans and spyware; hackers are attacking computers to create large botnets of compromised zombie computers and scammers spending their evil brain cells on designing effective scams through phishing, pharming, money mule or even the hopelessly simple yet effective advance fee fraud (419 Fraud). Whether it is a new type of cyber fraud or an old fraud with a twist, cyberspace is a dangerous place for those oblivious or unaware of its diabolical facade. For those who have been keeping themselves updated about the various tricks unleashed by cyber criminals, be surprised as a new scam seems to have hit town and is quite frankly deceptively dangerous. The “journal publishing scam” (as I would like to call it) is a fraud aimed at primarily the lecturers, professors, readers or researchers who like getting their creative writing and thoughts published in various online journals and e-magazines. Even students looking to debut on their publishing efforts and needing a viable space to pen their intellect in order to glamorise their CVs and profiles are an easy target of this shameless scam.

 

So what is the online journal publishing scam all about? Well the whole thing starts with the set up of a website designed as a popular journal publishing site with journals available in a wide variety of areas including science, technology, law, medicine or anything creative and believable. The scammers put up their site along with links to description of each and every claimed journal and even go to the extent of providing an Editorial Board filled with representatives from across the world. As expected the fictitious Board Members are ofcourse made to look like they have seriously academic profiles with little room for doubting their genius. Nothing in these sites look apparently suspicious and information about these alleged journals look almost believable for anyone looking to seriously publish their work. This scam is perhaps aimed more at those individuals who have little or non existent knowledge about publishing online as a frequent publisher would perhaps be able to sniff out the scam. In reality there is neither a publishing team nor editorial board and most frankly the senders of the email have also never published any online journal or magazine. The claim on their sites is usually that they are a charitable organization with no sponsors and hardly any revenue. They sustain themselves on a meagre amount of “Handling Fee” that is to be sent by those authors who are allowed to publish their work by the Editorial Team. Emails are sent to the possible targets requesting the recipients to submit articles for publishing. The emails contain links to their site and a number of email addresses where the articles or white papers can be submitted for perusal and scrutiny. Although initial emails never mention the dangerous “handling fee”, the websites will inadvertently mention this in a naive and innocent manner hoping to lure oblivious and budding writers. For those who mistakenly send their articles receive a confirmation from the Board informing them that their articles or papers have been accepted for submission and that a “handling fee” must be paid by the successful author in order for the paper to be published. Authors who have probably already been lured into this scam end up paying the small amounts hoping to see their writing online in the chosen journals. Money gets transferred and the scam is complete. I dont think I need to expressly mention here but nonetheless I will state that ofcourse the journals (or the articles) never get published. As far as hitting the database for potential victims are concerned, I guess that they are targetting academic organizations (with email addresses), professors or lecturers (with direct email contact available online) or even students going through online advertisements in order to publish their work somewhere. As far as the scam is concerned, it is designed for specific target populations and hence not expected to get major returns for the scammers unlike the popular and very obvious 419 frauds or advance fee frauds reaching millions of email users everyday. Email users are becoming increasingly aware of the scam techniques and methods and hence it is only natural that the perpetrators are coming up with new ideas. Although the new journal publishing scam may not be churning out billions of dollars, it surely has the potential to rake in quite a signficant amount considering the number of people who are looking for options to publish online.

 

The golden rule of almost any form of the Advance Fee or 419 Fraud is that there is always undoubtedly a request for a small payment irrespective of the jargon used whether “processing fee” or “handling fee” or “commission” or even “bank transfer charges”. So beware the next time an email crops up in the inbox or the junk folder inviting article submissions for academic journals online. Frankly any reputed or credible online publishing journals will never be sending unsolicited emails randomly to users across the world inviting article submissions.