Phishers eye India brands

By PAWAN BALI

New Delhi

June 29: Indian brands have emerged as the favourite target of phishers after the US, according to Indian Computer Emergency Response Team (CERT-IN), which handles computer securities incidents in the country.

Phishing is a fraudulent activity to acquire personal information of a user like bank account number, user name, password, credit card details by using social engineering techniques.

Phishing uses e-mail messages that purport to come from legitimate businesses that one might have dealings with like banks, Internet service providers and insurance agencies.

Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes.

When the users enter the information, data is immediately sent to the phisher who thereby uses this information to transfer money from user’s account.

Out of the total brands hijacked by phishers in 2007, 80 per cent belonged to the US and 15 per cent to India.

A mere two per cent brands hijacked in this period were from Italy and rest three per cent from other countries. India’s official domain name ".in" is reported with highest country specific top level domain hosting phishing page.

The most targeted domain under ‘.in’ is ‘.’ amounting to 31.8 per cent and next is ‘.in’ amounting to 30 per cent.

CERT-IN found that while consumers are becoming aware about phishing, the phishers are also becoming more sophisticated.

Now phishing threat also includes phishing based trojans and malware like logging system, which run in the background intercepting a user’s account information and reporting it back to criminals without user’s knowledge. One of the most active malware ‘Storm BOT’ is being used to perform phishing attacks on financial institutions and banks. ‘Fast flux phishing’ and ‘Rock Phish’ are the other new techniques used by phishers.

In the beginning, phishers only used big brand name financial institutions or on-line retailers to target consumers.

Now phishers are expanding their targets to smaller financial institutions that consumers feel will be less likely to be affected. Last month 82 cybers security related incidents were reported to CERT-IN, in which 27 per cent related to phishing.