Phishing fraud in India on Increase !??!!.
Saturday, May 22, 2010
There has been spate of phishing email received in my inbox, in the recent past. With high rate of internet proliferation and online bank usage, these phishing email are also on increase, Gartner had reported about 3.6 billion USD lost in a year due to phishing. Considering this, I am wondering how knowledgeable is the Indian public is dealing with phishing email and how efficient are our cyber laws dealing with such frauds. In the last two months, I had received phishing emails appearing to have been sent from ICICI Bank, UTI Bank, Punjab National Bank, asking me to validate my bank account for some reasons or the other, which might look very genuine. Interestingly, even the From: address of the email is almost similar to Bank address and any one can get easily deceived by mistaking it to be an authenticated address. Take a look at phishing email for ICICI: There is a link asking you to click for your account verfication, the visible email link will be a some bank address to deceive you, but the page take you to different page which fraudster has programmed to 'phish' his victim. If you look at the webaddress of these link (indicated by Red circle-just above the tool bar), its not the actual bank link, its fraudster own link, it take one to the bank look like log in page. If a users enters his actual user id and password, fraudster would have the actual user id and password (Phished). Once fraudster has the user id and password he can use it for transacting out the victim money to a different bank account. Though Bank have been educating the user about Phishing, stating that they never ask for users access details, but not sure how much it reached the public. Further, if user access has been phished and money siphoned off, I do not have much clue on the course of action to be taken by the victim?. Also, how strong are the cyber laws in India and for any investigation to happen the investigation agencies has to tech savvy to understand the technicalities behind the fraud. I welcome reader's thoughts on this.
The from address is stated to have been sent from icicibank.com domain. I still do not understand how easy it is to affix a particular registered domain address in the outgoing emails.
Take a look at the UTI phishing email:
Lastly, if you feel that, this article has some value in preventing the phishing, I would suggest forwarding the article link to your friends.