The increase in the number of internet users in India, and the concomitant rise in the number of people who bank via the internet have proved an irresistible temptation to cyber criminals bent on exploitation. There exist multiple phishing kits which specifically target Indian banks.
In a nutshell phishing is the criminal act of extracting sensitive information, usually related to financial activities, from users using social engineering techniques. These techniques include spam messages purporting to be from well-known banks, and imitation internet banking sites which bear a striking resemblance to the originals.
Let us compare some examples of fake internet banking sites with the original inspirations behind them to get an idea of how potent phishing attacks can be.
Example 1 (ICICIBank)
Fake page:
Legitimate page:
Example 2 (IDBI)
Fake page:
Legitimate page:
There are several steps that an internet banking user could take to mitigate the chances of being phished:
- 1. Avoid emails, especially those which claim to be from a bank, perhaps not even your bank, which ask for sensitive information such as login details. No legitimate bank will ask for such details via email.2. When visiting an internet banking site, confirm that the main part of the website conforms to your bank’s name, e.g. the website address must be of the form:
https://<your specific bank>.<com or co.in>/<rest of website address>
3. Ensure that the website address starts with the letters ‘https’ which means that transactions will be conducted over a secure connection.
4. Ensure that a padlock icon is displayed by your browser which confirms that the connection is secure.
There is further information provided by the banks themselves to help you counter phishing attacks:
http://www.icicibank.com/safe-help.html
http://www.icicibank.com/emailfraud.html
https://inet.idbibank.co.in/corp/web/L001/images/helpfile/safeinet/do’s&don’ts.html
In addition to user vigilance, K7 products provide robust in-built Anti-Phishing protection in the Anti-Virus products as well as in the SecureWeb product specifically designed for conducting safe and secure online transactions.
Be the one that got away!
Samir Mody
Senior Manager, K7TCL
