New Delhi: Software security firm Symantec said cyber criminals are targetting Indian brands for phishing attacks to solicit personal information from individuals and to launch money laundering scams.
“Phishing is a growing menace in the Indian cybercrime scenario. With high traffic on the websites of Indian brands, we are seeing that their popularity is being targeted for phishing attacks as well,” Symantec India vice president (product operations) Shantanu Ghosh said.
Phishing is an attempt by a third party to solicit confidential information from an individual, group or organisation by mimicking, or spoofing, a specific well-known brand, usually for financial gain.
Such attacks have seen a rise in recent months with the first two weeks of August witnessing a four-fold increase from 0.05% to 2% of the overall attacks on Indian brands, he added.
The company has released a list categorising various phishing attacks like Dynamic phishing (where the user clicks on a malicious links) and Flash phishing where the hacker mimics the advertisement of a reputed company and directs the user to a fake phishing website.
Symantec estimates that in the last two years, over a 1,000 unique phishing attacks have been carried out on reputable Indian banks.
“Brands in the BFSI sectors are the obvious choice for carrying out phishing attacks for the large amounts of money they have at stake. Apart from the victims, banks also face huge losses as a result of losing customers and reputation,” Ghosh said.
SMS phishing or SMSishing is another form of attack where SMS messages are sent from a reputable source such as banks asking for personal details.
Similarly, ‘Vishing´ uses voice through IVRs (Interactive Voice Response) to deceive users into providing personal and confidential information over the telephone.
Attackers also use methods like bogus websites, websites with similar names (like Symantc.com instead of Symantec.com) or installing spyware in the user’s computer.
“The measures to stay protected against them are simple. For starters, be aware that your bank will never ask you to confirm your details via email,” Ghosh said.
Users should not click on the links in emails to get to websites and instead, manually type in the URL destination into the address bar of the browser even if it takes longer, he added.