Saturday, February 14, 2009

Beware! That email may be phishing for your cash - DNA - 13 Feb 09

Ahmedabad: In May 2007, a suspicious transaction was observed in Snehal Gandhi's NRI account. Rs2 million had been transferred to the account of one Raju Solanki. Gandhi's account had been hacked into by a class 12 dropout, Sanjay Koliya, who had then fraudulently transferred the amount. Though the crime was detected in May 2007, it was more than 18 months before bank authorities and the police were able to nab the hacker.

This incident was just one among the ever-growing number of cases of phishing in India. Phishing takes the form of spam in a person's email account, asking the recipient to provide details of his or her bank accounts, credit card, social security number, user IDs and passwords.

"Phishing is when an email or webpage is a replica of the existing one, meant to fool users into submitting personal, financial or password data," said an expert at a seminar on 'Bank fraud: Prevention and investigation' held at the Gujarat Police Academy, Gandhinagar, on Thursday.

Though phishing is rampant in India, few cases are reported on account of the complexity of the law. Most complainants spend their energy finding a police station that has jurisdiction over the crime, where they can register their cases. Those most vulnerable to phishing are people who use the internet for transactions.

"There are many incidents of phishing in the state, but few are reported," an expert on cyber crime said on the sidelines of the seminar. Experts who spoke at and after the event said phishing was threatening to become the next big cyber crime. "In phishing, the initial email is designed to entice the recipient into opening the email and clicking on the link provided," Nandkumar Sarwade, general manager, ICICI Bank, said.

Fraudsters have multiple ways of doing this, including using enticing subject lines, images and text; forging the address of the sender; and disguising links within the email. The speakers at the seminar said there were certain warning signals to alert bank account holders to phishing. People should avoid responding to emails that claim to be from a bank or ask for account details, whether by replying to the email or by clicking on a link to a website.

Phishing attacks in recent times have become incredibly sophisticated, making it harder to differentiate between a fraudulent and a legitimate email. Recent scams have made use of standard company logos, convincing text and links to websites that appear to belong to banks.

By Roshan Kumar
