Browse by year:
February - 2005 - issue > Cover Feature
Harish Revanna
Monday, November 17, 2008
“It’s not common in India,” says the analyst. Phishing, phonetically “fishing” is the next profit market for online scammers of India. The word means fishing for important data among Internet users through baiting-emails. The spelling is brutal evidence portraying the earthy innocence of an illiterate phisher-men when it came to spell words, and pronouncing—a bigger ordeal.

Phishers are still not even a decade old, and they are growing with the Internet. Even if your country is not Internet savvy, phishers are sitting in your inboxes to phish you out. With a mere 1.7 percent of Internet penetration in India today, 60 percent of the emails received are packed with junk, says Niraj Kaushik of Trend Micro India, an anti-virus developer.

As e-commerce and the Internet banking systems in the country gain momentum, the risk of information leakage is mounting. Although the country’s organized cyber crime-stars are many, international scammers are making invading to every country possible, by scouting usernames, passwords, credit card numbers, and other private data. For this coveted information, the scammers are eyeing corporate email Ids that are the entryway of private information.

The process of phishing begins with a luring mail in your Inbox, embedded with links to a spoofed website and often the actual website. By providing a link to the actual website, the authenticity of the email is confirmed and there are possibilities of users providing confidential information. Sometimes, even just clicking the link can allow viruses to infest your computer and infiltrate your data, and transactions.

In a recent research conducted, Citibank had the 628 attacks worldwide. Baazee, an online retailer also had complaints of phony email its customers received, baiting them to enter his confidential username and password. While most of the financial institutes and online trading portals today are suggesting its users log in personally to their websites and not through an email link, some have even explained the test’s self-administration—like the subtle difference in websites with “https” and “http” Here, the letter “s” represents security.

Currently, no reports indicate any major conning in the Indian electronic history. But the prospects are bright say industry veterans. India’s credit card owners and online traders are accessing the Internet without any proper knowledge of how it works and proper security measures taken. Although India’s user industry is naïve, professionals are indulging in creating phish-websites, say the anti-phishing association. Accordingly, with 1.8 percent, India holds the eighth position in the world for hosting phishing-based websites. Despite India’s 25.2 percent difference from the U.S in hosting phishing-based websites, India recently held the distinction of creating a phony website that collected money for John Kerry’s Presidential campaign.

Tracing scammers in India is like hunting for elephants because they are easily traced, according to cyber police. But to arrest someone, a complaint must be filed, which the department hardly receives. Users are so ignorant they don’t even know they are getting conned, unless they end up bankrupt, quips the cyber cop. But still, there is always a bolt from the blue in this cyber world. One wouldn’t know who would be the next John Draper or David Mitnik from India.

Phishing attacks have forced the financial sector to step backwards in protecting their customer data. These scammers follow the money and make a great deal of money from these attacks. Phishing attacks to a normal person appear legitimate, making it very difficult for enterprises to detect this behavior. Collective knowledge on traffic patterns and anomalous behaviors of these IP’s will emerge as future technologies, such as SenderID and Domain Keys which help detect Phishing scams early.

Share on LinkedIn