Phishing Attacks!

What could set the alarm bells ringing for the Indian banking system is the revelation that there has been a six-fold rise in phishing attacks on the country's lenders during the last four months alone.

Phishing is a form of internet fraud that aims to steal valuable information such as credit card details, social security numbers, user IDs and passwords for financial gains.

The fraud is executed through spoof emails and fake websites that prompt users to disclose their personal details.

The 24X7 Security Response Lab of Pune-based internet security firm Symantec found that in October last year, there were 20 unique attacks on Indian banks while the figure has grown to 120 attacks as of January, 2008.

"The attacks are now becoming more localised, subtle and target-specific... The increase in the number of attacks reflects that they are getting successful," said Prabhat Kumar, director, Security Response, Symantec.

From fame, the phishers are now turning towards making a fortune, he added.
             

The Symantec lab monitors the complete threat spectrum and malware activity all across the world. It provides support in 14 languages against phishers who are extensively using sophisticated methods to install spyware, Trojans, worms and viruses.

But, it is not actually a security breach for the bank.

"The banks have put in the best possible security but it is the unsuspecting user on whose back the phishers enter the system," Singh said.

The latest Internet Security Threat Report by Symantec had ranked Mumbai as the most notorious in India in terms of phishing sites with 38 per cent, followed by New Delhi with 29 per cent.

Even Tier-II cities like Bhopal, Surat, Pune and Noida too had reports about phishing site activity.

"Surprisingly, a large number of home PC users do not even have a basic security feature," Singh said.

The report highlighted that the malicious code in India included 57 per cent worms and 21 per cent virus attacks but even complex threads like Trojan made for about 20 per cent of the attacks.

Recently, leading private sector lender HDFC Bank had filed a police complaint against a "money mule" scammer. The accused had used a bank customer as a mule to transfer money, acquired through phishing attacks, to different accounts.

Even the Reserve Bank of India (RBI) had advised the public not to succumb to the temptation of fictitious offers of large funds through e-mails from unknown entities.

"Members of public should also not make any remittance towards participation in such schemes/offers from unknown entities," it had said in a recent notification.

The RBI has issued the warning to caution individuals who initially receive tempting offers of large funds on various pretexts from unknown overseas entities through e-mails and letters and are later requested to remit a small amount as commission for transfer of the money.

To learn about Identity Theft, contact www.cibilconsultants.com
Source: Secondary

Oh Phish! Many Biting The Bait

About 20% Indians claim to be victims of phishing attacks, according to Microsoft Computing Safer Index, a study that reveals impact of poor online safety behaviour.

Released on account of the Safer Internet Day, on February 11, the study claims that 12% of Indians surveyed say they have suffered identity theft at an average cost of Rs 7,500.

The survey was carried out among 10,500 consumers globally in the March-May 2013 period. It asked consumers to share their online experiences.

According to the survey, the annual worldwide impact of phishing and other forms of identity theft could be as high as $5 billion, while the cost of repairing damage to people’s online reputation was at nearly $6 billion.

The internet touches our daily lives for almost everything, from communicating, to work, to shopping to paying bills, says Prakash Kumar, national technology office, Microsoft India.

“But how cautious are we about monitoring our online presence, and taking note of our own vulnerabilities? There are many things that can be done to stay safer online,” says Kumar.

Microsoft asks netizens to protect their online activities by visiting websites that provide a range of hints and guidance for guarding devices, online accounts, performing sensitive transactions over secured networks, taking charge of online reputation and protecting social circles.

In Bangalore, collegemates Adithya Naresh and Yogesh S, students from the Amrita School of Engineering have started a hackers club in their college called Hacs (hackers for applied cyber security).

“The objective is to expose our classmates and juniors to the scope of cyber security and create awareness. We also intend to hold a techfest in this segment early next year,” say Adithya and Yogesh.

Tips to stay safe online: 

1. Use a unique four-digit PIN for mobile devices and strong passwords for online accounts.

Perform sensitive transactions over secured networks. This includes paying bills, banking or shopping.

2. Take charge of your online reputation. Know what information about you is on the internet, reevaluate it, remove unwanted content.

3. Protect your social circles. Use privacy settings to manage the information you share and with whom you share it. Be selective about what you post and accepting friends.

What is phishing?

Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by masking as a trustworthy entity in an electronic communication. Communications from social websites, auction sites, banks, online payment processors are commonly used to lure unsuspecting people.

Rich haul

India faces 1,200 phishing attacks each month, as per industry estimates, while globally, 1.25 lakh phishing attacks were identified in the third quarter of 2013. Losses owing to phishing globally were about $1.66 billion.

Taking serious steps towards setting up a strong cyber security strategy, the central government in July declared its first National Cyber Security Policy, aimed at creating five lakh professionals by 2015.

Currently, there are only about 556 trained cyber security personnels in the government sector in India, as per KPMG estimates. This is minuscule compared with 1.25 lakh in China, and 91,080 in the US.
To learn about identity theft visit www.cibilconsultants.com
Source: Secondary

Ways to Avoid Online Identity Theft

In today's cyber world, where most of your personal information is online, it's easy for fraudsters to steal and misuse it. Here's a look at the way they can trick you and what you can do to protect yourself.

How your identity can be stolen?

SHOULDER SURFING

As the name suggests, it's simply someone looking over your shoulder or using a mobile phone to click a photo while you are using your credit card, keying in your PIN at an ATM, filling up important information in a form or cheque, or just typing your password.

WIRELESS IDENTITY THEFT

Also known as RFID (radio frequency identification) theft, it steals the personal information that is stored on cards with RF chips embedded in them, such as your office ID tags.

PHARMING

A domain is hijacked by a criminal, who then steals the data of any user who accesses the website.

MALWARE

It stands for malicious software and includes anything that can be used to gain access to your PC and steal data from it. This could be through spyware, keyloggers, Trojan horse, adware, worm or virus. It disguises itself as something innocuous and stays hidden in your PC.

PHISHING

An e-mail from a seemingly reliable and known source will direct you to a phony website that looks legitimate. It will ask you to input personal data and finances to access the site, and then steal that information.

VISHING

A fraudster pretends to call up from your bank or service provider claiming to need your personal details because they are upgrading you or updating data.

SKIMMING

The secret information in the magnetic strip of your credit/debit card is copied and then used on a counterfeit card.

SMISHING

You will receive a text message on your mobile phone informing you of a service that you have signed up for or stopped. If you click on the link provided or call the number given, you will be told that you can proceed only after providing essential information.

How to protect yourself?

Here are 8 ways to be vigilant and safeguard your identity.

TEAR IT UP

Scrutinize all correspondence from financial institutions and shred it . Ensure all such e-mails are protected by passwords. Tear your ATM slips and cancelled cheques, don't just crumple them when you throw them in the trash.

WIPE EVERYTHING

Before disposing of your old gadgets, completely wipe out the memory or any data on it. Even an SMS or mail from your bank can be misused. Remove sensitive data before lending your phone, laptop or pen drives.

CALL BACK

Don't give out personal details no matter who calls you up. Log in to the website or call the customer care yourself. Bookmark websites used often so that you can access them directly rather than through a 'phishy' e-mail.

VIRTUAL PASSWORDS

Use virtual keyboards to input your passwords. Change these frequently and use different ones for various websites. Hackers access online forums or blogs to hack passwords because people usually use the same passwords for everything.

Source: Secondary