Authored by – Anand Naik, Managing Director-Sales, India & SAARC, Symantec
Gone are the days of standing in a queue at the bank, with a token in hand waiting to make a transaction! Today, the internet allows us to perform so many banking transactions online – from checking account balances and transferring funds, to reviewing our credit reports and making bill payments. We no longer have to get in the car, drive to the bank, or communicate with a bank teller in person. For most of us, online banking offers tremendous time savings and the option to bank at our convenience. With the rapid advancement of technology, we’re now able to use our mobile devices to help take care of our banking needs, regardless of whether we are at home, at work or even on holiday!
However, there’s always a flip side to such major changes. Banking has evolved to be literally at our fingertips, but this convenience comes at a risk as the cybercriminals are continuously on the lookout to steal our money, our information and identities. The Norton Cybercrime Report 2012 found that globally, 18 adults become a victim of cybercrime every second, resulting in more than one and a half million cybercrime victims each day. The direct cost of cybercrime was an average of US$197 per victim across the world and in India, that amount was only slightly lower at US$192 or INR 10,585. Symantec’s Internet Security Threat Report XVIII reports that in 2012 mobile malware increased by 58 percent. With a 30 percent increase in the number of mobile OS vulnerabilities, consumers using banking services via their mobile devices are at a higher risk of data theft.
The Norton Cybercrime Report 2012 also revealed that 42 million Indians have been victims of cybercrime in the past 12 months, which is a 75 percent increase from the number of cybercrime victims the previous year. Some of the more common techniques cybercriminals use to steal our information are phishing and pharming. Phishing is a method by which fake emails – for example, messages that look like they are coming from our banks – are sent to users asking for their account numbers and passwords. Pharming techniques are used by cybercriminals who create legitimate-looking web pages to trick visitors into divulging these details. Both of these methods are examples of social engineering – where the users themselves are tricked, duped or lured into parting with private information.
Just last year, Symantec observed attacks where phishers spoofed the Reserve Bank of India’s Web site as a ploy for a tax refund scam. The phishing site attempted to lure users by stating that the bank would take full responsibility for depositing the tax refund to the user’s personal bank account. The user was prompted to select the name of the bank from a list of eight banks and enter their customer ID and password. Through this, phishers intended to steal the confidential information of customers of several banks from a single phishing site. The following page asked for credit/debit card number and PIN number. After these details were entered, the phishing site displayed a message acknowledging that the request for the tax refund has been submitted successfully. The user was then redirected to the legitimate Reserve Bank of India site, little knowing that they had just become a cybercrime victim.
While these clever ploys by cybercriminals may lead many of us to hesitate from banking online, there are precautions we can take to ensure that our information and hard-earned money are safe regardless of the channel we use for transactions.
If we are aware, vigilant and follow some basic guidelines, we can enjoy the convenience of banking online with confidence.
- Be wary of emails asking for confidential information especially of a financial nature. Legitimate organizations will never request sensitive information via email
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them
- Never submit confidential information via forms embedded within email messages.
- Never use links in an email to connect to a Web site. Instead, open a new browser window and type the URL directly into the address bar
- Maintain effective software to combat phishing. Norton Internet Security and Norton 360 Multi device automatically detects and blocks fake Web sites. It also authenticates major banking and shopping Web sites
Quote from Anand Naik, “Today, cybercrime is much more prevalent than people realize. Cybercriminals have moved from more traditional forms of attack such as mass distributed malware, to more targeted attacks that include social engineering to gain access to sensitive and personal information. With an increasing number of Indians banking online, the need to remain alert has never been greater. With some common rules and a comprehensive security solution in place, we can all safely enjoy the benefits of online banking.”