Lured by the convenience and ease of conducting financial transactions with a single click, online banking is coming of age in India and many other parts of Asia. As a result, these geographies represent a ripe new market for cyber criminals who look to launch online attacks and commit fraud.
In fact, recent reports indicate that roughly 10 per cent of all global phishing activities target India specifically. As evidence of this disturbing trend, several Indian banks came under attack in 2008, the targets of more than 400 phishing scams in just a few months. Even more alarming is the fact that more than 80 Indian banks lack adequate security measures for protecting their online users, as reported by NASSCOM, an IT trade organisation in India.
Online fraud has become a vast global network, bringing together bands of cyber criminals to do what they do beststeal money and identities from unwitting online users. Cyber crime does not discriminate; criminals will do whatever it takes to get what they want. They are more manipulative, sophisticated and adaptive than ever.
While new online attacks are becoming more popular, phishing continues to prevail as the most common tactic used by online criminals to target financial institutions and their customers. This is supported by recent statistics released by RSAs Anti-Fraud Command Center showing that globally, phishing attacks grew 66 per cent from 2007 to 2008.
One of the many scams criminals use to dupe online victims into divulging their personal information, account numbers, and credentials, a phishing scam usually begins with a message that looks like an official e-mail from a bank. The text within the e-mail tells users that they need to access the banks website and update their personal information, or risk having their account suspended or closed.
The e-mail usually contains a link that users can click on to go to the banks website. Once clicked, instead of directing users to the banks website, they are actually brought to a spoofed website that looks nearly identical to the banks official website and is intended to steal user information.
Phishing scams are popular within the fraud community because the cost of executing them is low and setting them up requires little technical knowledge. For very little money, a criminal can buy an entire phishing kit on the black market and launch an attack against tens of thousands of potential victims with minimal effort.
Staying a step ahead of online criminals and being prepared to address new threats is critical to fending off fraud. Financial institutions must establish a layered approach to security which is key to lowering the overall risk posed by phishing and other online threats. A layered security approach has three core elements:
Sign up for CIO Asia eNewsletters.