What if all your private documents are shared across the Internet? What if all your savings are robbed out of your net bank account? What if your mail account has been spammed, or even worse, if your company's sensitive data has been hacked?
Statistics says India is among the top three countries targeted for phishing attacks. Globally, it is estimated that there are three crore victims of identity theft annually, with losses of nearly Rs.10,00,000 crore to companies.
Has anyone you know ever lost control of a net banking or email or social network account and inadvertently sent spam or worse? Your bank account, money, your photos, your private documents as a whole your identity — if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely held information.
India is one of the countries where the growth of identity fraud is said to be the fastest (at more than 100 per cent). Various banks, enterprises, and government organisations like the Income Tax Department have been targets of multiple phishing attacks over the past two years.
Recently, the government said in a note that 386 phishing incidents were reported to the Indian Computer Emergency Response Team (CERT-In) between January and October in 2011.
Phishing is among the more popular security attacks on banks and personal information, the others being screen logger, key logger, dictionary attack, brute force attack, shoulder surfing and guessing.
A 2004 McAfee Research paper, ‘Anti-Phishing: Best Practices for Institutions and Consumers,' by Gregg Tally, Roshan Thomas and Tom Van Vleck argues that certain systemic changes have to be made, but until then, “financial institutions and their customers can take steps to help reduce the risk of phishing attacks. Those steps include stronger authentication for electronic transactions, more widespread deployment of anti-spam, anti-virus, personal firewall products, and deployment of privacy protection software.”
Countermeasures
The authors also recommend a combination of countermeasures to minimise the number of phishing attacks delivered to consumers; increase the likelihood that the consumer will recognise a phishing attack; and minimise the opportunities for the consumer to inadvertently release sensitive information.
Explaining online fraud in a technical paper hosted on www.antiphishing.org, Symantec says it offers a multi-pronged technology-based solution for online fraud management, including an email fraud detection, filtering, and alerting network, on-line customer education, a desktop security assessment capability for customers of financial institutions and providing infrastructure and means for financial services to customers for acquiring the products and services, besides consulting and assessment services.
Indigenous consultant, ArrayShield Technologies, has come out with a solution called ArrayShield card, an authentication process to be used for providing access to all applications which has critical data and information.
The user will be provided with a physical card of credit card size, on which he has to register his pattern with the authentication system. This is used to generate a one-time password valid only for one transaction.
