Phishers have already proved their criminal intent in the financial sector by causing losses of more than Rs. 130 crore to banks in the past three years itself through various sophisticated means. India is currently under a wave of cybercrime, and is experiencing rapidly rising phishing attacks across the country. Symantec, the security intelligence firm, has published the Symantec Intelligence Report which throws light on the Indian Information Technology sites that are vulnerable and exposed to phishing and fraud attacks of various sorts in the year 2012.
According to Symantec’s report, phishing attacks have increased 0.018 percentage, taking the global average rate to one in 466.3 emails (0.214 percent) since January 2013. The report has also specifically published details about the month of February 2013. As per the report, the number of URLs affected by phishing by cyber criminals associated with Indian sites were 0.15% out of the golbal phishing stats.
The report also clearly defines the particular category of Indian sites which are most affected by phishing. Education was the category with most number of affected sites in 2011, but dropped a position and came on the second position last year. Major regions of the country which hosted sites affected by phishing attacks included ion Technology(14.4%), Education(11.9%), Product Sales and Services (9.8%), Industrial and Manufacturing (7.3%), and Tourism, Travels and Transport (5.80%).
“This implies a new wave of phishing attacks among various organisations as the cyber criminals become highly sophisticated and targeted. Phishers continue to pursue Indian sites across many disciplines to host their phishing pages,” said the Symantec research. The research also stated that the possibility of secure government-related websites was really low and they were placed at the bottom of the list. This proves that only vulnerable websites of a specific category are attacked by phishers.
Apart from this, the Symantec Intelligence Report also gave out some best practices to follow in order to avoid phishing attacks.
Some of them include:
- Do not click on suspicious links in email messages
- Do not provide any personal information when answering an email
- Do not enter personal information in a pop-up page or screen
- Ensure that the website is encrypted with an SSL certificate by locking for the padlock, ‘https’, or the green address bar when entering personal or financial information
- Update your security software, frequently, which protects you from online phishing
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
I think the purpose of this report by Symantec should come as a wake-up call for the government and the general public against the rising threat they face against Cyber attacks, especially phishing. Also, corporate houses, like banks and other IT cos need to team up aggressively to work along with the government to prevent such attacks. Cybercrime is indeed a valid threat for Indians and there should be no complacency from both ends. In such a case, I think the government needs to go ahead quickly with forming a clear cyber security policy for the country. Earlier this year, Kapil Sibal had said that India was to have a clear cyber security policy soon, and I strongly feel that doing this will actually improve the Cyber security scenario in India.
Image Courtesy | econintersect