Phishing in people's accounts

Today, 10 times more Indians use the internet for their banking needs than five years ago. And not surprisingly, the number of fraudsters eyeing your account have also multiplied. Globally, $6 billion is stolen from consumer accounts by attacks called phising and the scale of such fraud in India is fast catching up.

Sukhwinder Singh can never forget the day he checked his account online in late october last year. His account showed a deduction of Rs 41,000 and he had no clue where the money had gone. Investigation revealed the money had been transferred to one Harpreet Chohan in Delhi. It was later revealed that Sukhwinder had been a victim of a phishing attack on ICICI Bank. He had given his password and name online by replying to an email sent by the hackers. The hackers then logged into Sukhwinder's account and put in their mobile number instead of his. So that, when they did make the transfer, the message alerting Sukhwinder of the transfer would go out to their mobile and not his. This very move proved to be the hacker's nemesis.

The alleged phisher, Harpreet Chohan told CNBC-TV18, "I don't know how the money got into my account. I don't know how to operate a computer, so how can I be a hacker."

Cyber security expert, Vijay Mukhi says, "Phishing normally begins by you getting an innocuous e-mail - let's say from the bank - saying that someone is trying to hack into you account so you need to re-give us your password. So, you click on the link. That website is a fake or the spoofed website. Here you actually key in your personal details - you key in you name, your password when you click on ok, you don't realize that your user name and password has gone to the phisher."

Once the password and user name are with the phisher, it's only a matter of a few minutes before your money is transferred from your account to the phishers. What's even more threatening is that a phishing attack can be launched sitting in any part of the world. Mukhi says, "The problem with the internet is that it doesn't recognize geographical boundaries. So, today most of the phishing attacks to a bank will never occur from the country itself. I would launch a phishing attack on an Indian bank sitting in America and the spoofed page might be in Taiwan."   

Finally, when the authorities do catch on, often the money trail leads to empty bank accounts with the cash long vanished. What's more, the attacks have just begun - October has seen over 26,000 phishing attacks worldwide, as compared to 15,000 last year. But industry experts say banks and customers both are catching on at a fast pace.

Head of Operations, ICICI Bank, Madhabi Puri Buch explains, "The interesting trend we are seeing in the case of phishing is that, while the number of attempts being made is increasing, the impact of each of these attempts is sharply declining. Aand the reason is very simple, just as the fraudsters are trying many things - both the banks and the customers come together to find ways to react to these attempts very rapidly. And in today's environment, in just a matter of four hours, these malicious sites are clamped down and they have no impact whatsoever on the customer."   

Banks across the country have put up alerts against phishing e-mails on their websites and many have even launched campaigns to alert investors against it, so is this a sign of the increasing vulnerability of the industry?

Buch says, "When you see the tip of the iceberg is when you have to take action - not when you crash into the iceberg. Since, we believe that customers have such a vital role to play in prevention of fraud - not only in the case of phishing but in all types of financial fraud - we believe that it is part of our duty as a very large player in the financial system to create that awareness amongst a larger and larger set of people."

So, just how does a phisher launches an attack? Well, you can't see them..or even hear them but sitting behind computer screens, they are plotting their next move to get to your money. Launching a phishing attack often takes just a few hours and just about anyone can do it.