New Delhi: Cybercrime in the country is rising, what with the greater number of net users banking and trading in stocks online and buying air and rail tickets, movie tickets, gifts, books and other merchandise and services on the internet. Raghu Raman, CEO, Mahindra Special Services Group, speaks to Namit Gupta on the new methods online crooks are using to cheat you of your money, and what you must do avoid becoming their victim.
How serious is the cybercrime situation in India today?
While it is difficult to provide accurate statistics there is no denying cybercrime is on the rise in India. There are three key reasons for this:
Cyber care: Raghu Raman, CEO, Mahindra Special Services Group
1.The number of internet users is increasing exponentially
2.This increasing base of users provides fertile ground for cybercriminals to thrive as with little or no effort they now have a much bigger pie of “potential targets”
3.There is no entry barrier, unlike the brick and mortar world, where a new entrant into the world of crime has to deal with the local goon or an existing syndicate. The attacker is practically anonymous on the Internet and therefore much more dangerous. Easy entry is also facilitated by the small infrastructure requirements — all you need is a computer, internet connection and an intelligent albeit devious mind to kick-start a career in crime
Which establishments are particularly susceptible to phishing attacks in India?
The banking and financial services sector, particularly wealth management services and retail banking, has been targeted. Here I would like to mention that the wider the footprint of the establishment, the greater the susceptibility of its customers to phishing attacks. Let me give you an example. A smaller bank, with a smaller and geographically more concentrated customer base will be in a position to offer RSA tokens to its customers.
A larger bank with a more spread out customer base, on the other hand, may not be able to implement such a security mechanism across the board and might typically rely on more conventional two-factor authentication such as the credit card and PIN number or an online user ID and password.
Also, phishing isn’t only online and has been attempted on the phone as well (commonly referred to as “vishing”) with so-called call centre executives using very clever means such as free offers and reduced interest rates on outstanding balance to extract credit card and other details from unsuspecting victims.
Other industries such as airlines and online subscription services are also susceptible.
Is the nature of online frauds also changing?
Yes it is. At one time, online phishing would typically involve email messages from a website that mimicked the website of a bank or another reputed establishment and sought personal information such as credit card details from the intended victim.