Cybercrimes and phishing -- emails aimed at stealing your online banking passwords -- are on the rise on the back of the global financial meltdown.
Sample this. Five cyber-thieves, allegedly part of a network that hacked into the account of a Noida businessman, were nabbed on Thursday for a Rs 1.66 crore (Rs 16.6-million) cyber hack.
They used Internet banking to transfer the money from the businessman's account with the Punjab National Bank's Noida branch to their own account.
The police only recovered Rs 55 lakh (Rs 5.5. million), and have exhorted the public to change their online banking passwords frequently.
A report by MessageLabs, a leading security services company, indicates that phishing attacks rose 16 per cent between August and September and skyrocketed 103 per cent between September and October.
Most of the attacks were spoofs on the huge banks dominating the news in the wake of the financial crisis on Wall Street: Bank of America, Wachovia, Chase Manhattan, Washington Mutual, and even UK banks like Lloyds TSB and RBS.
The spam attacks are built around mortgages, debt consolidation, credit counselling and other financial advice.
"There is a distinct connection between the rise in phishing and the downward movement of the stock market," said Pavan Duggal, Supreme Court lawyer and cyberlaw expert. Duggal himself gets around seven phishing emails a day.
A recent report by security firm Symantec indicates that there were more than 400 unique phishing attacks on reputed Indian banks in the last six months of 2007. Out of these, some of the attacks involved the use of compromised '.gov' servers to launch phishing attacks on other brands.
Scamsters are now using every avenue to milk the cow. Under normal circumstances, users are more alert. "But when there's a banking crisis, a simple email saying 'you need to change your password to protect your account' can unnerve a user and make him/her click on a link that can lead to hackers siphoning off the money online," Duggal explained.
Penetration testers, who work with bank clients, confirmed that the fragile state of the banking community is making it particularly easy to dupe anxious bank employees.
Palakirti Venu, sales director (India & SAARC), F-Secure, a penetration testing firm, argued that targeted electronic attacks like spear-phishing are simpler in this nervous financial climate.
"We do foresee a rise in phony emails about the latest news in the financial markets, as well as with links purportedly to information on how their bank is doing better than its competitors in this crisis," he said.
It's not just restricted to browser exploits or web-borne exploits, but also includes infected spreadsheet, PDF, and Word attachments supposedly providing information on the crisis or the bank.
Vijay Mukhi, chairman of Ficci's IT Cell, agreed. "Cybercrimes do tend to rise during these times since people who are facing bad times would like to steal money by any means. Banks generally do not report such crimes since it can cause them embarrassment and strike fear as far as account holders go."
Kartik Shahani, regional director, McAfee (India), said with employees being laid off in large numbers, there is a stark possibility of a few transforming into spammers and cybercrime for the lure of money.
"Many of those who have been laid-off have the technical expertise and also know their organisation's security systems. The holiday season tends to be busy for socially engineered-types of malware," Shahani said, and added, "The economy is hurting people's finances and this could encourage criminals to up their efforts to gain more money through illicit means."
Scamsters are apparently attempting to manipulate the news to their advantage by asking end-users to revise their account details.
"In some instances, they are tricking users into going to malware-laden websites, which resemble the legitimate sites," said Shahani.
"Phishing and social engineering attacks are the highest risk currently faced by the financial industry," Venu cautioned.
