BANGALORE, INDIA: Several months back, the login credentials of a user of a popular social network were stolen and used by a crook to swindle the victim's friends out of thousands of dollars. Again, just last month, millions of users of the social networking site complained that their accounts had been compromised and used to send malicious links to friends.
Once friends clicked on these links, they were taken to a site that looked just like the login page. However, what not many victims realize is that providing criminals with their login and password details can sometimes injure them beyond the damage to their social network.
Repeated attacks on another popular social networking site have been making news of late. In the initial case, when users clicked on a URL enclosed in a promotional e-mail from the company, they were redirected to a Web form that asked for personal information such as name, email and address. This was followed by another form asking for the credit card number, expiration date, and security code. These are nothing but routine phishing attacks by a cybercriminal. Just one of his favorite means to get to you!
The above are classic examples of how cybercrime has entered the inbox and the lives of every internet user today. And one of the most effective tools in the cybercriminal's toolkit is PHISHING.
What is phishing?
Phishing is an attempt by a third party to solicit confidential information from an individual, group or organization by mimicking, or spoofing, a specific well-known brand, usually for financial gain. Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card account details.
The evolution of a phishing attack is quite straightforward. First, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Then they send out mass mailings with the aim of reaching a large number of recipients. Finally, the fraudsters use social engineering techniques to entice victims into submitting their credentials, from which the fraudsters attempt to derive valid credentials. This will only happen if the fraudsters are able to convince users that they should trust the phishing website, or at least trick them into believing it is a legitimate site without raising any suspicion. Of course, this is not always a painless task.
In 2008, as many as 4,615 phishing hosts per month were discovered, up 66 per cent over the previous year. Even the recent Symantec Internet Security Threat Report showed that phishing attacks are on the rise in India. In fact, there has been a sudden rise in the number of attacks in the last month alone.
Here is a look at some of the most common types of phishing attacks in recent times.
Phishing made easy! Phishing toolkits on sale
According to a previous Symantec Internet Security Threat Report, phishing toolkits have allowed phishers to carry out attacks much more easily by automating the construction of a phishing website; attackers can concentrate on identifying and procuring phishing website hosts instead of the tedious job of building phishing websites by hand. The adoption of phishing website toolkits is a prominent trend; the top three phishing toolkits accounted for 26 per cent of all phishing attacks, whereas the top three toolkits accounted for 42 per cent in the previous period.
The indication is that, because the top three toolkits did not dominate as much in this period, there are more toolkits sharing the workload, which highlights the widespread adoption of toolkits as a valuable tool for malicious activity. Consequently, carrying out phishing attacks and deploying phishing websites have become easier. Toolkits are facilitating the growth in phishing website hosts. It has been observed that the popularity of individual phishing toolkits changes quickly, which reflects the need for phishers to adapt in order to avoid detection by anti-phishing software.
Phishing shores found in India
The number of phishing URLs on Indian brands in the first two weeks of August was nearly 2 per cent of all phishing attacks. In the past, the usual average was typically 0.5 per cent. This means a fourfold rise in just two weeks.
When the geo-location of each phishing site was examined, none was found to be in India. Even so, it is likely that at least some of the phishers involved are in India, since the confidential data stolen can be used for specific Indian needs. For instance, there are several websites dedicated to the purchasing of Indian goods and articles, which accept net banking payments only from a given list of Indian bank accounts. In all probability, attackers are masking their location by creating their websites elsewhere and not on Indian servers.
There were five brands targeted that were all in the banking sector for the given time period. Among these five brands, 83 per cent of the attacks targeted just one brand.
Some of the noteworthy statistics with respect to the phishing sites on Indian brands:
• The majority of the sites were hosted in the USA and South Korea; about 56 per cent of the sites were hosted on US-based servers and about 13 per cent in South Korea.
• The top cities hosting the sites were Houston, Chicago, Las Vegas, Seoul, and Atlanta.
• The highest occurrence of country code TLDs was Korean.
• Among the URLs examined, six were hosted on free Web hosting sites.
What can you do to stay protected?
- Know that your bank will never ask you to confirm your details via email. So if it looks like it's coming from your bank and asks you to confirm details, you should not click it. Remember that you can always call your bank directly and ask them about any email you receive. They will know if they've requested that you update your account details.
- Is it addressed to you? It is common for phish messages to begin with salutations such as "Dear Valued Customer" and "Please Confirm" instead of your actual name. If it's not addressed to you, don't click it.
- Rest your mouse pointer on the URL in the body of the email. The real destination of the URL will be displayed. If the URL looks like a different name than the name of the company, don't click it.
- Look for spelling mistakes. If there are spelling mistakes, or the email doesn't look professional, don't click it.
- Get security software that includes anti-phishing and identity protection features.
- Don't use links in emails to get to websites. Instead, manually type in the URL destination into the address bar of your Web browser. It may take a little longer, but you will be more effective at protecting your identity.
Symantec