
Data theft: Fraudsters have an upper hand despite all warnings

Indian working in Qatar falls prey to phishing gang.

Hyderabad: Despite dozens of news reports, advertisements and advisories sent by banks, people continue to fall prey to the tricks of online fraudsters after demonetisation. An NRI working in Qatar lost Rs 8 lakh in a matter of hours. Mr Praveen Kumar Thota opened an email supposedly from ICICI Bank and found a brief message and a link that said his bank account needed to be upgraded. A click on the link opened a new tab which looked like the bank’s website.

It asked for his user ID, password, OTP, URN and PIN numbers. He entered his account details. Within hours, his NRI account started getting emptied. An investigation by Cyberabad Cybercrime police found it was a phishing email. Clicking on the link allowed the cyber criminals to get hold of his password and other details needed to operate his account. Cyberabad police finally traced the three-member gang that stole Mr Kumar’s money.

“Phishing e-mails and websites have a familiar appearance to deceive customers into thinking the sender or website is the bank,” cybercrime inspector Md. Riyazuddin says. Mostly, the criminals send links to non-HTTPS websites, through which they can copy the details entered by customers. Experts say another scam is to send malware — short for ‘malicious software’ — to extract information from the user’s computer when he clicks on the link. “Malware like the Trojan can gather confidential information without your knowledge and transmit it to the criminal,” said a city-based ethical hacker.

Phishing websites are a gateway to gather data:

A month after the demonetisation of Rs 500 and Rs 1,000 notes was announced, a group of researchers from the US-based cyber security firm FireEye notified the Indian Computer Emergency Response Team (CERT-In) about the surge in phishing websites that spoof more than 20 Indian banks, including HDFC Bank, ICICI Bank, IDBI Bank and the State Bank of India. The websites act as a gateway to steal personal information from customers who click on the malicious link sent by the cyber crooks.

Many website domains were found to be registered in early 2017, experts say. The online criminals, a majority of them based in foreign countries, are trying to cash in on the post-demonetisation situation in India. Their target is gullible customers who are new to the online transactions which the central government has been urging all citizens to adopt. A FireEye employee describes how a malicious link that opens the spoofed website of a bank functions: “The website requests the valid 10-digit mobile number and email ID. Upon entering these, the victim will be redirected to the spoofed online banking page, which requests that they log in using their username and password. After entering their login details, the victims will be asked to key in their one time password (OTP). Once all of the sensitive data is gathered, a fake failed login message will be displayed to the victim.”

“Phishing has its own development lifecycle. It usually starts off with building the tools and developing the ‘hooks’ for luring victims into providing their financial information. Once the phishing website (or websites) is fully operational, we typically begin to see a wave of phishing emails pointing to it,” he said. “In this case, we see that phishing websites have been crafted to spoof multiple banks in India. These attackers can potentially grab sensitive online banking information and other personal data. They can even provide support to multi-factor authentication and OTP. Moreover, disguising the initial presentation to appear as an online payment gateway service makes the phishing attack seem more legitimate,” he said.

(Source: Deccan Chronicle)