Phishing scams in India and legal provisions (Part 2)
Phishing is an online crime in which fraudsters disguise themselves and use fake websites of banks and other financial institutions to deceive people into disclosing valuable personal data.
Phishing is a relatively new concept in India, unheard of a couple of years back, but recently there has been a rise in the number of phishing cases in India in which the innocent public has fallen prey to the sinister designs of fraudsters.
 
In India, the most common form of phishing is an email pretending to be from a bank, in which the conmen ask people to confirm personal information or login details for some made-up reason, such as the bank upgrading its server. Needless to say, the email contains a link to a fake website that looks exactly like the genuine site. Gullible customers, thinking that the email is from the bank, enter the information asked for and send it into the hands of identity thieves.
 
There were phishing attempts against ICICI Bank, UTI Bank, HDFC Bank, SBI etc. in which the modus operandi was similar. It was reported that a large number of customers of these banks had received emails that falsely claimed to have originated from their bank.
 
The recipients of the mails were told to update their bank account information on some pretext. These emails included a hyperlink within the email itself, and clicking that link took recipients to a web page that was identical to their bank’s web page. Some of the unsuspecting recipients responded to these mails and gave their login information and passwords. Later, a large number of illegal and fraudulent transactions were carried out through internet banking using the information so collected.
 
Apart from the general banking phishing scams, some of the recent phishing attacks that took place in India are as follows:
 
• RBI Phishing Scam: In a daring phishing attack, the fraudsters did not spare even the Reserve Bank of India. The phishing email, disguised as originating from the RBI, promised its recipient prize money of Rs.10 Lakhs within 48 hours and gave a link leading the user to a website that resembled the official website of the RBI, with a similar logo and web address. The user was then asked to reveal personal information such as password, I-pin number and savings account number. However, the RBI posted a warning regarding the fraudulent phishing e-mail on the bank's official website.

• IT Department Phishing Scam: The email, purporting to come from the Income Tax Department, tells the user that he is eligible for an income tax refund based on his last annual calculation, and seeks his PAN card number or credit card details.


• ICC World Cup 2011: One of the biggest sporting events is also under phishing attack. The fraudsters have specifically targeted internet users in the host countries, i.e. India, Bangladesh and Sri Lanka, where the matches of the world cup are going on. India, which has been allotted 29 matches of the world cup, is obviously the prime target of the phishing attacks. The modus operandi is similar to the banking phishing attack.

 
Through a similar-looking fake website of the organisers of the event, the fraudsters have tried to lure victims with special offers and packages for the grand finale of the event. The users were asked for credit card details to book tickets and packages along with their personal information, which, once submitted, would be used to compromise the online banking account of the victim, leading to financial losses.

• Google under Phishing Attack: Recently, users of Google's email service, “Gmail”, purportedly received a legal notice from the Gmail team asking them to update their account name, password, occupation, birth date and country of residence, with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, a Google spokesperson denied that any such legal notice had come from them and stated it to be a phishing attack designed to collect personal information, called 'spoofing' or 'password phishing'.


Modus operandi of phishing attacks used to target bank customers in India:

 
1. The hackers create fake look-alike websites of the target bank or organisation and send emails to its customers, luring them to provide their login details on the pretext of a server upgrade. It was revealed that for this purpose the fraudsters hosted the web page containing URL links of the target bank/organisation with the help of their associates from foreign countries like Nigeria, Russia etc.

 
2. Before a transfer of funds through internet banking is executed, the bank sends an SMS to the transferor in order to confirm the transaction. When the fraudsters get hold of the customer’s personal information, they change the customer's contact number to their own, so that the transfer of funds from the victim's account to beneficiary accounts goes unnoticed.

 
3. In these cases, when the customers fall into the trap and pass on their internet banking password and user name, the fraud is perpetrated in three forms:

 
a) Account-to-account transfer from the victim’s account to a beneficiary account.

 
b) Recharging mobile phones.

 
c) Making online purchases permitted by the net banking facility.

 
4. The beneficiary accounts to which the funds are transferred are fake accounts, opened using fake ID documents such as fake passports, fake election I-cards, fake PAN cards etc.

 
5. The phishing scam revealed the involvement of Nigerians, but the beneficiary accounts were opened in the names of Indians, as accounts with Nigerian names would arouse suspicion. Some of the beneficiary account holders were carriers for the hackers, while other beneficiary accounts were opened by luring persons with some consideration in return for opening an account in their own name and having the ill-gotten money transferred into it.

 
6. The suspected IP addresses from which the fraudulent internet transactions took place belonged to various foreign countries, which indicates the use of proxy IPs by the hackers to mislead the investigation agencies.

 
7. It has been revealed that the amount is withdrawn immediately by the hacker after the account has been compromised.
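
The sequence in steps 2, 3 and 6 (contact number changed, then a debit, from a foreign IP address) can be checked for on the bank's side. The following Python is an added example, not part of the original article or of any bank's system; the event fields, the 24-hour window, the home-country check and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed look-back window after a contact change
HOME_COUNTRY = "IN"            # assumed home country of the customer base
# The three forms of fraud listed in step 3.
DEBITS = {"transfer", "mobile_recharge", "online_purchase"}

# Constructed sample events, not real bank data.
EVENTS = [
    {"ts": "2011-03-01 09:10", "acct": "A-100", "type": "login", "country": "IN"},
    {"ts": "2011-03-01 09:12", "acct": "A-100", "type": "transfer", "new_beneficiary": False},
    {"ts": "2011-03-02 01:40", "acct": "B-200", "type": "login", "country": "RU"},
    {"ts": "2011-03-02 01:43", "acct": "B-200", "type": "contact_change"},
    {"ts": "2011-03-02 01:50", "acct": "B-200", "type": "transfer", "new_beneficiary": True},
    {"ts": "2011-03-03 11:00", "acct": "C-300", "type": "login", "country": "IN"},
    {"ts": "2011-03-03 11:05", "acct": "C-300", "type": "contact_change"},
    {"ts": "2011-03-09 15:00", "acct": "C-300", "type": "mobile_recharge", "new_beneficiary": False},
]

def flag_suspicious(events, window=WINDOW):
    """Return alerts for debits made shortly after the SMS contact number changed."""
    last_change, login_country, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M")
        acct = ev["acct"]
        if ev["type"] == "login":
            login_country[acct] = ev["country"]
        elif ev["type"] == "contact_change":
            last_change[acct] = ts
        elif ev["type"] in DEBITS:
            changed = last_change.get(acct)
            if changed is None or ts - changed > window:
                continue  # no recent change: the SMS still reaches the customer
            reasons = ["debit within window of contact number change"]
            if login_country.get(acct, HOME_COUNTRY) != HOME_COUNTRY:
                reasons.append("session from foreign IP")
            if ev.get("new_beneficiary"):
                reasons.append("first payment to this beneficiary")
            alerts.append({"acct": acct, "ts": ev["ts"],
                           "type": ev["type"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in flag_suspicious(EVENTS):
        print(alert)
```

Because step 7 notes that the money is withdrawn immediately, a rule like this is useful only if it holds the debit for confirmation on the previously registered number rather than reporting after the fact.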

(To be Continued)

 http://www.merinews.com/article/phishing-scams-in-india-and-legal-provisions-part-1/15845848.shtml