The holiday season is a time when spam mails not only flood inboxes with special offers and discounts, but also make merry by phishing for confidential information. With commercial online activity seeing an upturn, the threat of phishing rises concomitantly.
India was responsible for 4 per cent of the world’s total spam emails in October 2008, the period coinciding with the festivals, states a report by Symantec Messaging and Web Security.
Last year, December alone saw 96 million spam mails globally. This meant every eight mail generated around the world was spam.
The modus operandi is simple yet very effective. The phishing mail entices users by offering attractive discounts or schemes that tempt them into clicking on the link and transfers them to another site. These sites may resemble a regular popular online shopping portal in appearance, but will extract and store personal information including credit card or bank credentials on the pretext of a transaction.
These schemes find unsuspecting targets in many of the 84 per cent Indian online shoppers who prefer credit card payments (AC Nielsen survey). Some mails may also install malware onto the user’s system itself that transmits information as and when it detects it. These softwares may also allow access to your computer to persons who may use it for phishing purposes, thus making it a zombie computer. In September 2008, almost 6 per cent of the world’s zombie computers were in India.
Emails and social networking sites have been favourite phishing grounds, but spammers are moving on to newer pastures. “P2P (peer-to-peer) networks are the newly emerging targets for such applications, that may appear to do what they are supposed to do but also do some other actions of which the user my not be aware of,” Shantanu Ghosh, vice-president, product operations in India, Symantec Corporation.
Ghosh suggests that users should have separate email addresses for their networking and banking purposes as many phishing softwares are active on networking sites especially during holiday season allowing various applications to send greetings.
“Do not click on any links in these emails for any transactions. Type the url yourself to ensure avoid getting directed to a phishing site.”