Corporate Accounts in India Top Target for Phishers

A new trend has been witnessed in the Indian cities during the last two years where cyber criminals are attacking corporate (salary) accounts with e-banking facility, as reported by timesofindia on August 31, 2008.

The problem started in the mid-2006 and the number of fraud cases is continuously growing in the country. In 2007, Bangalore Cyber Crime Cell reported around 47 fraud cases, while this year till August 2008, 33 cases have already been reported. The net effect of these frauds would be on 130 accounts spreading throughout the country.

Moreover, phishers are targeting salary accounts of various companies that have corporate accounts in private banks through computer virus, malicious software and malware. Usually, phishers target only those private banks that have the maximum number of corporate accounts in Bangalore. Officials of Cyber Crime Cell said that the root of the menace is located in Nigeria where a hackers group is launching phishing attacks via a proxy server.

The phishing tactic adopted by hackers is very simple. Account holders receive e-mails that direct them to update their details for account upgradation. These e-mails appear official and ask users to confirm their e-mail addresses by visiting a site where user's account information, PIN details and passwords are sought. As the user provides these details, his account is compromised.

Further, phishing has evolved as a serious problem in India. Leading banks or their clients were mainly targeted by phishers last year. Symantec, an online security firm, reveals that India is the 14 largest phishing Website hosting country, with Mumbai at the top for hosting phishing sites (38%), followed by Delhi (29%) and Bangalore and Chennai both accounting for 12%.

However, it should be noted that banks do not ask for password or other sensitive data through e-mails. Awareness should be spread among people using e-banking services. Moreover, people get such e-mails that asking for sensitive information should immediately contact with the concerned bank.

In August 2008, a senior citizen from Chennai, age 72 and retired bank manager, lost his lifetime savings Rs 21 Lakhs (US$ 47.5 thousands) after giving away his bank details unintentionally to phishers by opening a malicious e-mail.

Related article: Corporate End Users Disdainful to IT Security

» SPAMfighter News - 9/4/2008