The next time you receive a “genuine-looking” email from your bank and decide to enter your private information in the space provided, step back and think twice… or maybe longer. The mail could turn out to be fake and you could lose all your life’s savings in a matter of hours. For all you know, you could get trapped in the phishing net (pun intended!), and while you may not know it, it is on the rise. To put it in simple terms, phishing is a fraudulent act wherein users receive “genuine-looking” emails from banks or legit establishments to coax them into entering their private details. These details are then misused for identity theft. Norton, on its website, refers to phishing as an “online con game” and phishers as “nothing more than tech-savvy con artists and identity thieves”.
Before it happened to him, South Mumbai-based businessman Shishir Sadani (Director, Aarogyam Packaging Solutions Pvt. Ltd.) neither knew a lot about phishing, nor did he know of anyone who had taken the bait and suffered monetary loss. For Sadani though, it all started at 1:43pm on March 20, 2013, when he received a rather authentic-looking email from United Bank of India (firstname.lastname@example.org), where his company Aarogyam Packaging Solutions Pvt. Ltd. holds an account. The mail asked Sadani to update the details and the password of his account, which he promptly did to keep his account up to date. Naturally, he suspected nothing out of the ordinary.
Sadani received a stream of bank SMSes containing details of fraudulent transactions. In a matter of hours, money to the tune of Rs 16,52,000 had been transferred from the company's account by way of RTGS. The money was transferred to five different accounts across India (Gazipur, Kandivali, Meerut, Jaipur and Delhi). The account was left with just the minimum balance.
[Image: Think before you click. Image credit: Getty Images]
With prompt action from his bank, Sadani could stop some amount from being transferred to Jaipur, and with some pressure from his bank, the HDFC Bank Manager at Gazipur informed him that they had the video footage of the person withdrawing the money at their branch. K V Murali, Assistant General Manager at United Bank of India, told us that with this intervention, a considerable sum had been stopped from getting transferred. As for the remaining amount, he said, “It was too late by then.”
Sadani reported this incident at the Bandra Kurla Cyber Crime Branch and the investigation is ongoing.
When asked what prompted him to click on that link in the email, Sadani admitted that it “looked quite genuine”. Sure enough, phishing emails are made to appear such that regular users do not suspect anything out of the ordinary and end up easily sharing their private details.
The Wikipedia page for phishing says, “Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.”
Speaking of web security, Sadani, whose case is currently under investigation with the city’s cyber crime cell (Bandra Kurla Cyber Crime Branch), believes that while the necessary technology is available at the disposal of the cell to tackle such cases, a swifter pace would be much appreciated. “They are doing things at their own pace,” said Sadani.
In cases like these, one must tread with much caution, as it could happen to just anyone.
Norton points out that phishing emails usually do not come personalised, unlike genuine ones that carry a reference to an account you have with them. It is also advised never to click on links within an email, and instead type the URL directly into the address bar of a new browser.
For a better understanding, we spoke to Senior Police Inspector Nandkishore More of BKC Cyber Crime Investigation Cell. More told us that they receive around 5-10 complaints regarding phishing each day. He said that users should maintain caution at their end too. “No legit establishment will ever ask users to part with their sensitive, personal information, especially related to finance via email,” he said, when asked a question pertaining to Sadani's case.
Speaking on the general scenario of cyber crime in the country, More said that it is a borderless crime, which at times puts limitations on them. “Sometimes we detect IP addresses that are located outside our country,” he pointed out.
Mumbai's Cyber Crime Investigation Cell, on their website, advises users to follow a general test the next time they are faced with a situation like this –
Before you jump the gun, take this test:
- Is the email from someone that you know?
- Have you received email from this sender before?
- Were you expecting email with an attachment from this sender?
- Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense?
- Does this email contain a virus? To determine this, you need to install and use an antivirus program.
More went on to mention that though they do not have IT experts working for them, they (the officers themselves) have been working on improving the skills required to do the job. “We are learning, too,” he said.
Publish date: April 1, 2013 4:01 pm | Modified date: December 19, 2013 10:30 am