Thieves may E-shop with your credit data!

MUMBAI: The Cuffe Parade police on Sunday detained three suspects from Uttar Pradesh who had conspired and executed a credit card fraud in Mumbai. The accused targeted at least 60 customers of a bank in Navy Nagar and shopped online for goods worth over Rs 13 lakh, said police.

Krishna Prakash, additional commissioner of police, south region, said, "We had earlier arrested an accused, Krishna Pandey, who had come to take delivery of the orders placed on the Web. During his interrogation, we learned that the main accused, Sonu Yadav (21), was hiding in Gorakhpur, Uttar Pradesh. The gang targeted customers of Central Bank of India, Navy Nagar branch." 

The police are in the process of getting the suspects to Mumbai. "A bank official lodged the police complaint after they received several complaints of money being deducted from the accounts of some customers," said a police source. 

"They would order TV sets, fridges, high-end mobile phones, IPads and other costly electronics items online. Their intention was to purchase online and sell these goods immediately. It's still not clear how they got the credit cards' 16-digit numbers and passwords," said an officer. Those detained in Gorakhpur include Yadav, his accomplice Harish Pandey and two others. 

A computer and hard disc have also been seized. Police said that the accused managed to obtain the 16-digit credit card numbers and hacked into the bank's system to get the password. 

Twenty-six-year-old Pandey, the arrested accused, is a class XII dropout. He told the police that he was jobless and came in touch with Yadav, who was also from his hometown. Pandey reportedly asked Yadav for a job to earn livelihood. Yadav asked him to collect products for customers of online shopping. Pandey was promised a commission. He was arrested when he went to take delivery of a TV set. 
               

While a waiting police team caught Pandey, Yadav managed to flee from the spot in Thane last week. The accused have been booked for cheating (Section 420 of IPC) and hacking (Section 66 of IT act). Yadav is said to be a diploma holder in computer studies. The gang first committed the fraud in October and continued till January this year. "We have managed to spot several transactions wherein the accused had placed orders. We have recovered some products and are hoping for more," said the police. 

O P Shrivastav, the bank's assistant general manager asked this correspondent to talk to his deputy Ayyubi, general manager (credit cards). Ayyubi could not be contacted. 

To learn about Identity Theft, visit www.cibilconsultants.com

Source: Secondary

Signs that shows You've Been Hacked

In today's threats cape, antivirus software provides little piece of mind. In fact, anti malware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable. 

To combat this, many anti malware programs monitor program behaviors, often called heuristics, to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection, and all of the above at once in order to be more accurate. And still they fail us on a regular basis.

Here are 11 sure signs you've been hacked and what to do in the event of compromise. Note that in all cases, the No. 1 recommendation is to completely restore your system to a known good state before proceeding. In the early days, this meant formatting the computer and restoring all programs and data. Today, depending on your operating system, it might simply mean clicking on a Restore button. Either way, a compromised computer can never be fully trusted again. The recovery steps listed in each category below are the recommendations to follow if you don't want to do a full restore -- but again, a full restore is always a better option, risk-wise. 

Sure sign of system compromise No. 1: Fake antivirus messages 

In slight decline these days, fake antivirus warning messages are among the surest signs that your system has been compromised. What most people don't realize is that by the time they see the fake antivirus warning, the damage has been done. Clicking No or Cancel to stop the fake virus scan is too little, too late. The malicious software has already made use of unpatched software, often the Java Run time Environment or an Adobe product, to completely exploit your system. 

Why does the malicious program bother with the "antivirus warning"? This is because the fake scan, which always finds tons of "viruses," is a lure to buy their product. Clicking on the provided link sends you to a professional-looking website, complete with glowing letters of recommendation. There, they ask you for your credit card number and billing information. You'd be surprised how many people get tricked into providing personal financial information. The bad guys gain complete control of your system and get your credit card or banking information. For bad guys, it's the Holy Grail of hacking. 

What to do: As soon as you notice the fake antivirus warning message, power down your computer. If you need to save anything and can do it, do so. But the sooner you power off your computer, the better. Boot up the computer system in Safe Mode, No Networking, and try to uninstall the newly installed software (oftentimes it can be uninstalled like a regular program). Either way, follow up by trying to restore your system to a state previous to the exploitation. If successful, test the computer in regular mode and make sure that the fake antivirus warnings are gone. Then follow up with a complete antivirus scan. Oftentimes, the scanner will find other sneak remnants left behind. 

Sure sign of system compromise No. 2: Unwanted browser toolbar 

This is probably the second most common sign of exploitation: Your browser has multiple new toolbar with names that seem to indicate the toolbar is supposed to help you. Unless you recognize the toolbar as coming from a very well-known vendor, it's time to dump the bogus toolbar. What to do: Most browsers allow you to review installed and active toolbar. Remove any you didn't absolutely want to install. When in doubt, remove it. If the bogus toolbar isn't listed there or you can't easily remove it, see if your browser has an option to reset the browser back to its default settings. If this doesn't work, follow the instructions listed above for fake antivirus messages. You can usually avoid malicious toolbar by making sure that all your software is fully patched and by being on the lookout for free software that installs these tool bars. Hint: Read the licensing agreement. Toolbar installs are often pointed out in the licensing agreements that most people don't read. 

Sure sign of system compromise No. 3: Redirected Internet searches 

Many hackers make their living by redirecting your browser somewhere other than you want to go. The hacker gets paid by getting your clicks to appear on someone else's website, often those who don't know that the clicks to their site are from malicious redirection. You can often spot this type of malware by typing a few related, very common words (for example, "puppy" or "goldfish") into Internet search engines and checking to see whether the same websites appear in the results -- almost always with no actual relevance to your terms. Unfortunately, many of today's redirected Internet searches are well hidden from the user through use of additional proxies, so the bogus results are never returned to alert the user. In general, if you have bogus toolbar programs, you're also being redirected. Technical users who really want to confirm can sniff their own browser or network traffic. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer. What to do: Follow the same instructions as above. Usually removing the bogus toolbar and programs is enough to get rid of malicious redirection. 

Sure sign of system compromise No. 4: Frequent random popups 

This popular sign that you've been hacked is also one of the more annoying ones. When you're getting random browser pop-ups from websites that don't normally generate them, your system has been compromised. I'm constantly amazed about which websites, legitimate and otherwise, can bypass your browser's anti-pop-up mechanisms. It's like battling email spam, but worse. What to do: Not to sound like a broken record, but typically random pop-ups are generated by one of the three previous malicious mechanisms noted above. You'll need to get rid of bogus toolbar and other programs if you even hope to get rid of the pop-ups. 

Sure sign of system compromise No. 5: Your friends receive fake emails from your email account 

This is the one scenario where you might be OK. It's fairly common for our email friends to receive malicious emails from us. A decade ago, when email attachment viruses were all the rage, it was very common for malware programs to survey your email address book and send malicious emails to everyone in it. 

These days it's more common for malicious emails to be sent to some of your friends, but not everyone in your email address book. If it's just a few friends and not everyone in your email list, then more than likely your computer hasn't been compromised (at least with an email address-hunting malware program). These days malware programs and hackers often pull email addresses and contact lists from social media sites, but doing so means obtaining a very incomplete list of your contacts' email addresses. Although not always the case, the bogus emails they send to your friends often don't have your email address as the sender. It may have your name, but not your correct email address. If this is the case, then usually your computer is safe. 

What to do: If one or more friends reports receiving bogus emails claiming to be from you, do your due diligence and run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars. Often it's nothing to worry about, but it can't hurt to do a little health check when this happens. 

Sure sign of system compromise No. 6: Your online passwords suddenly change 

If one or more of your online passwords suddenly change, you've more than likely been hacked -- or at least that online service has been hacked. In this particular scenario, usually what has happened is that the victim responded to an authentic-looking phish email that purportedly claimed to be from the service that ends up with the changed password. The bad guy collects the logon information, logs on, changes the password (and other information to complicate recovery), and uses the service to steal money from the victim or the victim's acquaintances (while pretending to be the victim). What to do: If the scam is widespread and many acquaintances you know are being reached out to, immediately notify all your contacts about your compromised account. Do this to minimize the damage being done to others by your mistake. Second, contact the online service to report the compromised account. Most online services are used to this sort of maliciousness and can quickly get the account back under your control with a new password in a few minutes. Some services even have the whole process automated. A few services even have a "My friend's been hacked!" button that lets your friends start the process. This is helpful, because your friends often know your account has been compromised before you do. If the compromised logon information is used on other websites, immediately change those passwords. And be more careful next time. Websites rarely send emails asking you to provide your logon information. When in doubt, go to the website directly (don't use the links sent to you in email) and see if the same information is being requested when you log on using the legitimate method. You can also call the service via their phone line or email them to report the received phish email or to confirm its validity. Lastly, consider using online services that provide two-factor authentication. It makes your account much harder to steal. 

Sure sign of system compromise No. 7: Unexpected software installs 

Unwanted and unexpected software installs are a big sign that your computer system has likely been hacked. In the early days of malware, most programs were computer viruses, which work by modifying other legitimate programs. They did this to better hide themselves. For whatever reason, most malware programs these days are Trojans and worms, and they typically install themselves like legitimate programs. This may be because their creators are trying to walk a very thin line when the courts catch up to them. They can attempt to say something like, "But we are a legitimate software company." Oftentimes the unwanted software is legally installed by other programs, so read your license agreements. Frequently, I'll read license agreements that plainly state that they will be installing one or more other programs. Sometimes you can opt out of these other installed programs; other times you can't. What to do: There are many free programs that show you all your installed programs and let you selectively disable them. My favorite for Windows is Autoruns. It doesn't show you every program installed but will tell you the ones that automatically start themselves when your PC is restarted. Most malware programs can be found here. The hard part is determining what is and what isn't legitimate. When in doubt, disable the unrecognized program, reboot the PC, and reenable the program only if some needed functionality is no longer working. 

Sure sign of system compromise No. 8: Your mouse moves between programs and makes correct selections 

If your mouse pointer moves itself while making selections that work, you've definitely been hacked. Mouse pointers often move randomly, usually due to hardware problems. But if the movements involve making the correct choices to run particular programs, malicious humans are somewhere involved. Not as common as some of the other attacks, many hackers will break into a computer, wait for it to be idle for a long time (like after midnight), then try to steal your money. Hackers will break into bank accounts and transfer money, trade your stocks, and do all sorts of rogue actions, all designed to lighten your cash load. What to do: If your computer "comes alive" one night, take a minute before turning it off to determine what the intruders are interested in. Don't let them rob you, but it will be useful to see what things they are looking at and trying to compromise. If you have a cellphone handy, take a few pictures to document their tasks. When it makes sense, power off the computer. Unhook it from the network (or disable the wireless router) and call in the professionals. This is the one time that you're going to need expert help. Using another known good computer, immediately change all your other logon names and passwords. Check your bank account transaction histories, stock accounts, and so on. Consider paying for a credit-monitoring service. If you've been a victim of this attack, you have to take it seriously. Complete restore of the computer is the only option you should choose for recovery. But if you've lost any money, make sure to let the forensics team make a copy first. If you've suffered a loss, call law enforcement and file a case. You'll need this information to best recover your real money losses, if any. 

Sure sign of system compromise No. 9: Your antimalware software, Task Manager, or Registry Editor is disabled and can't be restarted 

This is a huge sign of malicious compromise. If you notice that your antimalware software is disabled and you didn't do it, you're probably exploited -- especially if you try to start Task Manager or Registry Editor and they won't start, start and disappear, or start in a reduced state. This is very common for malware to do. What to do: You should really perform a complete restore because there is no telling what has happened. But if you want to try something less drastic first, research the many methods on how to restore the lost functionality (any Internet search engine will return lots of results), then restart your computer in Safe Mode and start the hard work. I say "hard work" because usually it isn't easy or quick. Often, I have to try a handful of different methods to find one that works. Precede restoring your software by getting rid of the malware program, using the methods listed above. Sure 

Sign of system compromise No. 10: Your bank account is missing money 

I mean lots of money. Online bad guys don't usually steal a little money. They like to transfer everything or nearly everything, often to a foreign exchange or bank. Usually it begins by your computer being compromised or from you responding to a fake phish from your bank. In any case, the bad guys log on to your bank, change your contact information, and transfer large sums of money to themselves. What to do: In most cases you are in luck because most financial institutions will replace the stolen funds (especially if they can stop the transaction before the damage is truly done). However, there have been many cases where the courts have ruled it was the customer's responsibility to not be hacked, and it's up to the financial institution to decide whether they will make restitution to you. If you're trying to prevent this from happening in the first place, turn on transaction alerts that send text alerts to you when something unusual is happening. Many financial institutions allow you to set thresholds on transaction amounts, and if the threshold is exceeded or it goes to a foreign country, you'll be warned. Unfortunately, many times the bad guys reset the alerts or your contact information before they steal your money. So make sure your financial institution sends you alerts anytime your contact information or alerting choices are changed. 

Sure sign of system compromise No. 11: You get calls from stores about nonpayment of shipped goods 

In this case, hackers have compromised one of your accounts, made a purchase, and had it shipped to someplace other than your house. Oftentimes, the bad guys will order tons of merchandise at the same time, making each business entity think you have enough funds at the beginning, but as each transaction finally pushes through you end up with insufficient funds. What to do: This is a bad one. First try to think of how your account was compromised. If it was one of the methods above, follow those recommendations. Either way, change all your logon names and passwords (not just the one related to the single compromised account), call law enforcement, get a case going, and start monitoring your credit. You'll probably spend months trying to clear up all the bogus transactions committed in your name, but you should be able to undo most, if not all, of the damage. Years ago you could be left with a negative credit history that would impact your life for a decade. 
These days, companies and the credit reporting agencies are more used to cyber crime, and they deal with it better. Still, be aggressive and make sure you follow every bit of advice given to you by law enforcement, the creditors, and the credit-rating agencies (there are three major ones- CIBIL, Equifax, Experian). 

Malware vector trifecta to avoid:

The hope of an antimalware program that can perfectly detect malware and malicious hacking is pure folly. Keep an eye out for the common signs and symptoms of your computer being hacked as outlined above. And if you are risk-adverse, as I am, always perform a complete computer restore with the event of a breach. Because once your computer has been compromised, the bad guys can do anything and hide anywhere. It's best to just start from scratch. Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your anti malware software's accuracy -- and luck.

If your Credit Score have been hampered because of Identity Theft, contact us- www.cibilconsultants.com

Source: Secondary

Fraudsters evolve new methods says, Cyber Crime reports

MUMBAI: Cyber crimes on debit or credit card usage have more than doubled as fraudsters evolve new cloning methods to stay ahead of banks which are improving security features with chip and pin cards, according to preliminary industry data. 

The number of such crimes has increased by about 125% since a year ago, a senior official from the National Payments Corporation or NPCI, a settlement platform for e-payments, told ET on condition of anonymity. 

Every month there are up to 50 cases of travelers who have used their cards in smaller towns and when they leave it gets swiped again even though they are carrying their original card, according to data provided by cyber crime experts. 

"The rate of cyber crime on debit/credit card usage is tremendously rising at the national level," said Rakshit Tandon, Director - A&R Info Security Solutions & Advisor- Cyber Crime Unit, Uttar Pradesh Police, Agra. "Awareness about security measures is abysmally low from both customers and banks. People are falling victim either of cloning or identify theft." 

On an average there are about between 40 and 50 cases compared with between 10 and 12 cases Tandon had to deal with every month two years ago. 

It was not a joke played out on April 1, when Delhi's Santosh Pandey had read six cash withdrawal texts on his mobile phone in the morning wiping out Rs 80,000 in just five-ten minutes during midnight from Navi Mumbai ATMs, the place he has not visited even once in life. 

The country's largest lender, the State Bank of India BSE -0.73 %, will shortly make two security mechanisms fully operational: a one-time password or OTP and SMS card block facility with a brief narration. Besides, SBIBSE -0.73 % is set to run a media campaign on do's and don'ts for a customer to protect the person from any cyber attacks. 

"We have been running extensive campaigns to create awareness among customers and will pace it up. We are compliant to all RBI guidelines in this regard," said SBI's Pulak Sinha, general manager (payment solutions). The bank keeps on receiving complaints of debit card cloning, he said. 

NPCI runs a system called Fraud Monitoring Solutions where 45 scenarios have been fed to detect any possible manipulation. "It will decline transactions in such scenarios. Cloning related frauds are on the rise," said the NPCI official on condition of anonymity. But this will not trace transactions where debit cards are used within the parent bank's ATM network. 

Most of us are using debit cards encrypted with black magnetic strip on the flip side, which can easily be cloned unlike a chip-enabled card. "The entire industry hardly has one or two percent cards with chip and pin. This will not expand unless it is mandated by the regulator," said a head of a public sector bank. 

Here's how some ploys work: 

A cyber swindler typically uses skimmers, a device to take image of your cards. There are several innovative ways to use such tool. This mostly happens with travelers. 

For example, a customer uses card to pay her bills at restaurants, bars, hotels and malls. Now, a person with malicious intentions, will drop her card deliberately and bent to pick it up when the skimmer planted on his shirt pocket will take images within fraction of seconds. The same image is transferred to personal computer and then, given to manufacturers to get a duplicate card. 

For password, fraudsters take the help of "shoulder surfing", where one can trace password closely observing finger movements standing just behind user's shoulder. 

Similarly, a customer leaves potential space for skimmers when he gives his card to a third party at a petrol pump to pay bills. 

The most latest con game is that some glue is put below the key pad at ATMs so that the circuit does not function properly even if you press button but the ATM can read your card data once it gets swiped in the machine. Later, when you exit from ATM terminal, the prowler will immediately enter the same and remove the glue and will receive the desire access but for only one time. 

Con men can also get your card data cloned from the ATM slips, which almost every user drops at dustbin without destroying it completely.

To learn about Identity Theft visit www.cibilconsultants.com
Source: Secondary

Youth's Appeal: Stay Away From Cyber-crime

AURANGABAD: In an attempt to curb the rising incidents of sexual harassment, the Vishakha Committee at Milind Science College has organised a workshop on Wednesday for sensitizing youth towards gender issues. The programme, was primarily aimed at addressing gender sensitisation and women's development issues.

"To create awareness about the Supreme Court guidelines on Vishakha judgement, the Milind Science College organised a workshop under the aegis of People's Education Society, Mumbai. We are emphasising on sensitization as well as awareness programmes," said Milnd Science College Vishakha Committee co-ordinator Bharati Bhandekar.

While briefing about the amendments to law in case of Juvenile Justice Act, Archana Kotapalle, lecturer at Miling Law College, said, "A draft bill amending the Juvenile Justice Act has been approved by the law ministry recently, which says those above 16 years of age will be considered ?adults' when they are accused of rape or equally severe crimes."

She added, "Gender sensitisation and women's development primarily aims at addressing contemporary socio-economic issues? Education plays a very important role in this, with institutions playing a bigger role."

Kotappalle also guided students on ethical use of internet and how to prevent from being a part of cyber crimes. "Students should stay away from calls for online transactions, sites calling for ATM passwords and also pornography sites. The youngsters need to be cautious in posting pictures and other details on the net, besides using the social media? They should be aware that anything done for fun could translate into a crime."

Bhandekar warned the male students that eve-teasing, clicking pictures of girls on mobile phones and sending messages to them on their cell phones are considered as cyber crimes, which can destroy their future.

Learn about identity theft at www.cibilconsultants.com

Source: Secondary

India Under E-attack

Growing internet penetration and rising popularity of online banking have made India a favourite among cyber criminals, who target online financial transactions using malware, security solutions pro-vider Trend Micro said.

According to the firm, India ranks third after Japan and the US in the tally of countries most affected by online banking malware during the April-June quarter of 2014.

Japan topped the list with the highest number of online banking malware infections this quarter due to VAWTRAK. In May alone, it saw 13,000 malware infections. The US saw about 5,000 malware infections during the month, followed by India at 3,000 attacks.

“India posed for cyber criminal expansion with an average of 2.5 million malware detection in a given month. Also, 33 per cent more malicious apps were downloaded and network traffic from affected computers continued to rise," Trend-Labs director Myla V Pilao said.

TrendLabs is Trend Micro’s research and development centre.

These and many such incidents show that cyber criminals will al-ways adapt to new trends and situations whether in the use of new malware or targeted attack techniques to continue their strikes, she added. She said the severity of attacks has intensified against financial and banking institutions as well as retail outlets globally.

“Total attacks have exposed more than 10 million personal records as of July 2014 and that strongly indicates that organisations need to adopt a more strategic approach to safeguarding digital information,” she said.

Such incidents often lead to stealing of consumer’s personal information like customer names, passwords, email addresses, home addresses, cell phone numbers, and date of birth.

These types of personal privacy breaches ha-ve affected organisation’s sales and earnings, while leaving customers unable to access accounts and dealing with service disruption, Ms Pilao said.

“The pace of change in technology sector has never been as rapid as it is now, and as a result we see firms struggling to keep up with the latest developments,” she said.

Ms Pilao added that it is essential that Indian businesses treat information security as a principal constituent of business strategy as time and again it has emerged as one of the top countries witnessing cyber crime.

Learn about identity theft at www.cibilconsultants.com

Courtcsy: Asia Age 

Are You A Credit Card Fraud Victim?

Indian credit card holders are increasingly becoming the target of online fraud with thieves using the cards frequently on sites abroad, which raises questions about how secure bank data is. Banks including State Bank of India, ICICI Bank Ltd and Citibank, have been witnessing such kind of fraud.

Says Uttam Nayak, group country manager-India and South Asia, Visa, "You need to be careful while using credit cards for online transactions. Simple things like using a complicated password, being cautious about using your card in a secure computer environment and insuring your credit card can help reduces frauds."

Cases of fraudulent activities abound. The sad part is that your only way out is to get into a loop of justice-seeking that may take years together by which time the money you have lost would lose value and you would have done the running around that's worth much more. A small relief is that your credit score doesn't get affected. Says Mohan Jayaraman, managing director, Experian Credit Information Co. of India Pvt. Ltd, "Any fraudulent activity doesn't have any impact on the credit score if you have documents proving that you are fighting against the fraud."

Here are the hoops you need to jump through before which you can expect justice. If you are lucky, you may not have to jump through all of them.

Step I: Inform the bank immediately and be firm

If you notice any kind of fraud transaction in your bank account, no matter how small the amount is, call or visit your bank as soon as you get to know about the fraudulent activity. If you are calling up the customer care, take note of the customer executive's name and reference number. If you are submitting a physical letter, keep a copy for yourself. Similarly, keep the records if you send an email.

There are instances, when the bank refuses to take the complaint, but some banks are cooperative.

Says Sanjay Sharma managing director and CEO, IDBI Intech Ltd, a wholly-owned subsidiary of IDBI Bank Ltd, "The moment a customer reports fraudulent activity on his card, the card is hotlisted after the due diligence so that no further fraud takes place." Says Amit Sethi, chief information officer, Yes Bank Ltd, "If any kind of fraud happens the vigilance department is informed. If money transfer is involved, the account is freezed and immediately the process for tracing the money starts. In case money is transferred to another account fraudulently, the bank where the money is transfer is contacted and that account is also freezed. Same is the system if it happens at a point of sale or merchant. The bank contacts them too."

Be adamant with your bank in terms of getting back your money. Says Murali Neelakantan, partner, Khaitan & Co, a law firm, "Individuals who have gone through such a fraud should stand up and say that they are not responsible for it. In fact, it is the bank that is at risk."

Here you need to be vigilant in reading your transaction slip and credit card statements. Based on these documents, you can dispute with your bank.

Step II: Approach banking ombudsman

If you don't get a reply from your bank within the specified period, or the bank rejects the complaint, or if the you are not satisfied with the reply, you can go to the banking ombudsman.

For approaching a banking ombudsman, you need to first check under which jurisdiction you fall. Once you know whom to contact, you can either send an email, fax or letter to the ombudsman.

Usually, the banking ombudsman gives a ruling cases within 30 days. In case of fraudulent transactions and breach of security by the bank, the chances of getting justice are quite high.

Step III: Go to the appellate authority

If you are not satisfied with the ruling of the banking ombudsman and you have been unable to get your money bank, the next thing is to approach the appellate authority, who is RBI's deputy governor; currently, KC Chakrabarty.

For this you will have to send a letter addressing Chakrabarty at RBI's Mumbai office 

Step IV: Move the court

You can go directly to a criminal court. All you need to do is file a first information report or FIR at a police station.

You can also file a complaint with cyber police stations. Says Pawan Duggal, a cyber law expert, "Remember the Umashankar Sivasubramaniam case. Here an adjudicating officer ruled that the bank would have to pay around R12.50 lakh as compensation. In this particular case, the bank appealed to the Cyber Appellate Tribunal."

Sivasubramaniam was a victim of phishing (online identity theft) in September 2007. He alleged the bank didn't take any action and sued the bank under the Information Technology (IT) Act. As of now, the case is under trial.

There have been cases that have been disputed and solved and where a customer has got back his dues from the bank. But there are some that drag on for years together.
Learn more about identity theft at www.cibilconsultants.com

Source-secondary

How to keep your credit card safe online

RAIPUR: With hacking of Facebook, Gmail and other networking websites on rise, threat of credit card/debit card bank accounts also being hacked looms large in state. Online shopping has further increased this threat.

Monendra Sahu, an ethical hacker said, "For hackers, carding, which refers to credit card/debit card fraud is the new duplicity that has made significant rise in state. Hackers have been using credit card/debit card numbers of people to carry out financial transactions for their personal benefits".

Online shopping/banking by users provides the easiest way for hackers to swindle money. "Whenever a user buys anything from the website, he enters his card details to make payment. This becomes an easy gateway for the hacker to trace card details and he gets access to all users who have used that website, by hacking it." Monendra said.

"It has also been observed that the hacker traces around 1000 or even more credit card/debit card numbers and carries out his transaction withdrawing around Rs 4000-5000 from each account. However, this risk is a bit lesser in an online bank account as in this; the user directly enters the bank website."

In fact, with new techniques coming in, hackers have even evolved a technique of scheming, in which they implant a device in the ATM machine or the POS portal and get card details. "A device which can be stuck with Fevikwik, is used by the hackers. It becomes difficult to differentiate between the device and ATM machine."

"Majorly, in the old ATM machines, which can be easily opened from back-side, hackers can easily process it by a pen-drive. It's easier to open the machine and inject a processed pen-drive which will take the card details of users who have carried out their transaction throughout the day. However the newly developed machines aren't much vulnerable," he added.

"Hackers try to use cyber cafes, where they can get in touch with a large number of users and with an open wi-fi connection which it make things easier for them," he added.

Users guide

* Change the pin of ATM card after getting the pin. Try to have a locked Wi-fi network however LAN cable would be even more secure.

* Stop using free anti-virus.

* Always use updated system for your laptop/computer.

* Use websites with HTTPS communication protocol which give encrypted password.

Protect yourself from Identity Theft. Visit www.cibilconsultants.com

Source: Secondary

Social networking mail Id should not be used for online transactions

Chandigarh: Security software maker Symantec advised internet users not to use e-mail ids being used for social networking sites like Facebook, Twitter for carrying out online banking or business transactions in order to prevent stealing of financial data. 

"They (internet users) should be more cautious while on social networking sites. They should have separate e-mail id for social networking site and other e-mail id for carrying out transactions like banking," Symantec MD Shantanu Ghosh told reporters here while replying to a query steps needed to be protected from cyber attack on social networking sites. "

We have observed that on social networking sites, people usually share their detail including personal ones with their friends as well as with those whom they do not know much and here they face the risk (of being attacked)," he said. "

Cyber attackers then can try to get into your e-mail ids through malware on these sites and try to steal vital information like credit card information," he said. He said not to click on any "untrusted" link in their e-mails or social networking site as it also poses threat of stealing important financial information of the user. 

Ghosh also cited an example when a malware in the name of bollywood female actor Katrina Kaif video was received by internet users on their e-mail ids in India and later it was found that the malware was intended to steal credit card information of the user. Acknowledging that the number of malwares in the cyber world has grown to millions in India in last few years, he also stressed on be cautious on framing a secure password for their e-mail ids to avert any cyber attack. 

"Some users use e-mail password as wife's birth date or anniversary day or birth year and most of these details are available on their social networking site account and it can also be misused by cyber attackers," he said. He added that small and medium business in cities like Chandigarh, Surat, Jaipur are facing the threat of cyber attack because of less spending by small entrepreneurs on security technology and growing use of internet. 

"Small cities, including Chandigarh, are sharing good amount of malware activity...(because) these companies are not spending much on security technology which makes them vulnerable to cyber attack," Ghosh said. He said increasing use of broadband and low awareness among entrepreneurs about malwares are also some of the reasons behind their vulnerability of cyber attack. 

"Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world in turn creating a new lucrative pool of targets for cyber criminals to exploit," he said. As per the Symantec Internet Security, a sizeable 25 per cent of small and emerging cities like Chandigarh, Surat, Cochin, Jaipur are infected by malwares.

Protect yourself from Identity Theft. Visit www.cibilconsultants.com

Source: Secondary