Stay a step ahead of digital scamsters

Stay a step ahead of digital scamsters

SP Ketkar

E-MAILS, plastic cards, phone banking and internet have amazingly changed the way we do our banking and shopping. Newer applications in the wireless and web world keep coming on, helping to simplify and further change the way we do things. Our transactions have become simpler, convenient, and more efficient. Alongside this development, the meanings of cheating, stealing and forgery have also changed. Today, entirely new types of high-tech frauds are posing serious challenges to us. The better equipped you are about them, the easier your life will be both in the wired and wireless worlds. Here is an overview of the new age frauds.
Hacking: A ‘hacker’ is a skilled programmer and its meaning extends to cover ‘persons’ who can make things work beyond perceived limits. However, ‘hacking’ is commonly understood with its negative connotations and it means, ‘intruding’ to gain unauthorised access to computers, with intent to exploit the system while taking advantage of carelessness or ignorance on the part of system operators. It is by such fraudulent hacking that a hacker can access classified records from protected databases.
Spoofing: E-mail spoofing describes fraudulent alteration of e-mail ‘header’ to make it appear that the message has originated from someone or somewhere other than the actual source. The distributors of spam commonly use spoofing to hide or modify the origin of e-mail messages, so as to get the recipients to open and respond to their solicitations.
Phishing: It involves e-mails appearing to come from legitimate sources such as a bank or a credit card issuer, with an earnest request to verify personal information or account details. Such e-mails usually contain a hyperlink and urge the addressee for online verification of his banking or credit card information, to avoid suspension or closure of his account. The hyperlink, however, directs the user to a bogus website, set up only to steal the users’ information.
Phishing is based on impersonation and is a criminal activity. Phishers use some form of technical deception to make the link in emails appear legitimate, so that the users do clickthrough and reach the spoofed websites. Once the users are aware of one trick, perpetrators adopt new ones. The latest being Spear phishing, where emails appear to come from company’s human resources and target a single user or a department within an organisation.
Pharming: In pharming, hackers aim to redirect the traffic from a legitimate website to another malicious website and then mislead the users into providing their sensitive data such as passwords, mother’s maiden name or credit card PINs. Unlike in phishing, a pharming attacker does not have to rely upon users clicking on hyperlink in e-mails. Even if users correctly enter the web address (instead of a click on hyperlink), the attacker can still redirect them to fake sites, by changing the host file on a victim’s computer or by hijacking the victim’s Domain Name System server.
Vishing: The term is a combination of ‘voice’ and ‘phishing’. It leverages VoIP phones instead of ‘misguiding hyperlinks’, to steal personal and financial information from the public. In this activity, a dialer calls out customers in a given region and an automatic announcement advises them to call back on certain local telephone. When customers call up, computerised IVR guides them into a verification routine and the Visher fraudulently captures bank or credit card details of callers.
In the Indian context, phone banking, net-banking and online shopping are all in the early stages. It is therefore important for the banks, credit card issuers and shopping portals to run special drives to educate the consumers on new age frauds and train them on effective habits for safe and secure use of online services.
BYTES OF BAD GUYS

• HACKING – Indian Computer Emergency Response Team (CERT-In) reported 5,211 Indian websites defaced in 2006, 70 of which were ‘gov’ sites. Airtel servers were hacked by a Ghaziabad student in June 2006 to get call details of senior bureaucrats

• SPOOFING has been used in to propagate viruses like Melissa and Love Bug.

• PHISHING – As per CERT-In, 2006 witnessed 339 attacks as against 101 incidents of 2005. EG: UTI bank customers were targeted in late 2006

• PHARMING –Feb 2007 saw a pharming attack on 65 financial targets covering Barclays Bank, eBay, American Express etc. in Australia, Europe and the US

• VISHING – In 2006 vishers attacked customers of Santa Barbara Bank & Trust. Even eBay’s payment service PayPal has been targeted for vishing.