Phishers target India, IT sites most affected

Infotech Lead India: Phishing is on the rise globally and Indian IT websites have emerged as the most vulnerable target last year.

The Symantec Intelligence Report on phishing sites in India reveals that the number of phishing URLs associated to Indian brands accounted for 0.15 percent of the global phishing statistics in January 2013.

The report also reveals that the global phishing rate has increased by 0.018 percentage points, taking the global average rate to one in 466.3 emails (0.214 percent) since January 2013.

The financial sector has suffered losses to the tune of more than 130 crores in the past 3 years due to various sophisticated attacks. Education topped the list of the most targeted websites in 2011 and took the second place in 2012. Phishing sites spoofing education websites was most prevalent in Rajasthan, Andhra Pradesh, Delhi, Maharashtra, and Punjab.

Classified in various categories, the most targeted Indian sites were Information Technology (14.40 percent), Education (11.90 percent), Product Sales and Services (9.80 percent), industrial and manufacturing (7.30 percent), and Tourism, Travels and Transport (5.80 percent).

Phishers seemed to spare websites such as Government, Telecommunication, and ISP as they targeted more vulnerable websites.

The latest phishing email doing the rounds is allegedly from India’s central bank, asking denizens to secure their bank account details with the RBI and  conning people into disclosing bank account details.

The email says RBI has launched a new security system, asking users to click on a link to open a page with list of banks in place. Once anyone chooses a particular bank, it asks for all net banking details, including card numbers and the secret three digit CVV number, among others.

ESET researchers reveal that latest cyberthreats targeting Indian small and medium businesses (SMEs) are spams related to Income Tax. The spam e-mails often lead users to infected websites or get them to open infected attachments that try to compromise the system. SMEs are easy targets for cybercrime as they lack the security resources of big corporations.

Internet users are advised to avoid clicking on suspicious links in email messages. Users must always refrain from providing any personal information when answering an email. Phishers often resort to using pop-up pages or screens that randomly appear while browsing, asking for information under the pretext of giving away freebies or inviting participation in raffles or a lucky draw. Users must avoid entering personal details in such pop ups.

It is also advisable to check whether the website is encrypted with an SSL certificate, indicated by a padlock, ‘https’, or the green address bar when entering personal or financial information. Regularly updating security software will also help protect users from online phishing.

Good security software, antivirus with anti-spam and anti-phishing, some basic social media security policies for employees along with basic training on secure behaviour online and offline, are effective measures to safeguard  sensitive information and data.

Also read When enterprise network security is unpredictable…

Meanwhile, IDC on Thursday said denial of service (DoS) and distributed denial of service (DDoS) attacks are making a resurgence. Several high-profile assaults on the world’s leading financial firms and other industries have recently been experienced. And attacks are increasing in frequency, data volumes and application specificity.

IDC says the worldwide market for DDoS prevention solutions (including products and services) will grow by a compound annual growth rate (CAGR) of 18.2 percent from 2012 through 2017 and reach $870 million.

Christian A Christiansen, vice president, Security Products & Services research at IDC, said: “As these attacks surged in prevalence and sophistication, organizations were often caught unaware. Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web. This is driving the need for proactive solutions to protect customer’s infrastructure from current and future attacks.”

[email protected]