Phishing : Better Safe than Sorry

The Internet, the most sophisticated and sought-after tool of the modern era, has no doubt made our lives a lot easier. From research to sending emails, sharing photos, chat rooms, messenger services, bill payment, shopping, air/railway/bus tickets and social networking, everything is now accomplished with a few clicks here and there. The advent of e-retailing combined with net/mobile payment gateways has spared us the need to stand in a queue at a bank or a merchant establishment. However, if one fails to exercise the necessary caution, one could fall into the hands of a class of tricksters called Cyber Criminals, who are out there on a mission to poach our personal data and use it to swipe clean one's savings. This article, leaving the complex ones aside, discusses a very simple yet damaging class of fraudulent attempt called the Spoof or Phishing Email, which tricks us into parting with our personal data.
Take a look at the email below, reproduced from a real phishing email received a few months ago from an unknown sender:
Due to the congestion in all Yahoo! users and removal of all used Old and New Accounts, Yahoo! would be shutting down all used Accounts, You will have to confirm your E-mail by FILL IN all requested Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons. The personal information requested are for the safety of your Yahoo! Account.
* Full Name : ………………………………..
* Email : ……………………………………..
* Password : ………………………………..
* Date of Birth : ………………………….…
* Occupation : …………………………..….
* Country or Territory : …………………….
Warning!!! Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account Permanently. NOTE: Your information will not be shared and your password is safe.
Sincerely,
Yahoo! Member Services
Case number: 8941624
Property: Account Security
Contact date: 06-04-2010
Can anyone suspect foul play? Well, the answer could be “Yes” or “No” depending on how much time and attention we devote to reading it or, in the worst case, responding to it. Yahoo confirmed it did not send the email. Then who sent it? Those who guessed “Cyber Criminals” are right. Such emails/websites, according to the Microsoft Safety & Security Centre, are called Spoof or Phishing (pronounced “fishing”) emails, designed to steal personal data or information such as credit card numbers, passwords, account data etc. If we are not cautious and reply to such emails, we part with our online data, which pranksters would use to open our email account, change the password so that we are not able to log in, and then send messages to everyone in our contact list requesting them to send money into the pranksters' account, citing varied reasons from illness to arrest. The damage is often irreversible.

Lottery Scam: Everybody aspires to become rich, and if it happens through a lottery/draw of lots, we consider ourselves lucky and tend to do whatever is asked in order to claim the prize. Cyber criminals use this instinct to lure us into responding to phishing emails promising millions of dollars won through random selection of emails by a computer. Brand names of big business entities are used as camouflage. The winner is asked to send personal information including bank a/c details, password etc. to claim the prize money. Sadly, those who respond to such emails end up revealing their email/bank account passwords and credit card details, which eventually leads to fraudulent withdrawals from their bank accounts. The point to ponder is that we seldom win a lottery for which tickets were bought, so how can one win by not doing anything?
Online banking fraud: Recently I received an email from a pay site informing me that my account usage had been limited and asking me to click on a given link to resolve the issue. I was not using that particular paysite and thus was not concerned; however, I reported the issue to the paysite. The paysite confirmed the email was indeed a spoof; a phishing attempt to collect netbanking passwords.

Clicking on the given link opened a page with an appearance similar to the bank's netbanking page. Careful observation, however, revealed that the address displayed in the browser’s address bar was different from the bank’s site. But the thing is, how many of us would check the address bar before typing a login ID and password? Cyber criminals thriving on this costly “miss” create false pages, fraudulently collect netbanking passwords and withdraw money from our accounts.

Now the question is, what could we do to prevent such fraud? Installing an antivirus and an operating system with the latest updates is a prerequisite. Experts suggest ignoring emails received from unknown senders, especially those with attachments. The best defense, however, is to educate oneself about such frauds and fraudulent attempts. The least we could do is follow some basic etiquette:
  • First and foremost: a password is purely confidential. Never disclose your password to anybody, especially when requested over phone or email, however genuine the request may appear.
  • Create passwords by mixing letters, numbers etc. A password should not be a conventional word found in dictionaries. Never use a name/nickname, mobile/vehicle number, date of birth etc. for passwords. They are easy to guess.
  • Always log in to the netbanking site by typing the address in the browser. Never follow a link provided in an email to log in. Even if you decide to log in, type the address in the address bar yourself.
  • Always see that the login page URL begins with https: and look for a padlock in the address/status bar. The letter “s” means the site and the transactions on the website are secured. Clicking on the padlock should display the site's security certificate.
  • Never carry out netbanking transactions from a cybercafe or browsing centre. They may steal passwords and other credentials. In extreme circumstances, use "incognito mode" or "in private browsing" methods.
  • Never disclose personal information such as phone number, date of birth, address etc. Keep such information away even from social networking sites.
  • Educate yourself about online phishing and fraudulent activities.
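The address checks described above (the look-alike page whose address differed from the bank's, and the advice to confirm https: on the login page), written out as an added example that is not part of the original article. The domain `netbanking.example` and the sample links are constructed placeholders, not real sites.

```python
from urllib.parse import urlsplit

# Assumption: the reader's genuine netbanking host. "netbanking.example" is a
# placeholder, not a real bank.
TRUSTED_DOMAIN = "netbanking.example"


def check_login_link(url, trusted_domain=TRUSTED_DOMAIN):
    """Return a list of warnings for a login link; an empty list means the
    link passed the address-bar checks described in the article."""
    warnings = []
    parts = urlsplit(url.strip())
    # Compare the parsed host only, never the raw text of the link.
    host = (parts.hostname or "").rstrip(".").lower()
    trusted = trusted_domain.lower()

    # Check 1: the login page must be served over https.
    if parts.scheme.lower() != "https":
        warnings.append("not https")

    # Check 2: the host must be the trusted domain or a subdomain of it.
    if host != trusted and not host.endswith("." + trusted):
        # A host that merely contains the trusted name is a look-alike.
        if trusted in host or trusted.split(".")[0] in host:
            warnings.append("look-alike host: " + host)
        else:
            warnings.append("different host: " + host)
    return warnings


# Constructed sample links (none of these are real sites).
SAMPLES = [
    "https://netbanking.example/login",
    "https://secure.netbanking.example/login",
    "http://netbanking.example/login",
    "https://netbanking.example.account-verify.test/login",
    "https://pay-portal.test/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_login_link(link)
        print(link, "->", "OK" if not result else "; ".join(result))
```

A link that uses https can still fail the host check, which is why both checks are reported separately.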
A number of instances have been reported in the media where unsuspecting people lost money because they failed to identify phishing emails and responded. A few cases have been reported from our Andaman & Nicobar Islands also, wherein people lost money by responding to SMS/fraudulent emails. It therefore becomes important to acquire knowledge on the issue. Being aware is half the battle won, so netizens, the next time you desire to be online, never forget to type the site's address directly in the browser and to look for https:, especially the “s”, and a padlock in the address/status bar on the login page before hitting Enter. Most important, share your experiences with your peers so that they too are made aware of the dangers and remain vigilant while online.
