)
Indian banks have already faced losses exceeding Rs 130 crore in the last three years due to phishing attacks. In the midst of these sophisticated attacks, the Symantec Intelligence Report on phishing sites in India says that Information Technology (IT) sites continued to be the most vulnerable amongst the targeted websites by the phishers last year.
According to Symantec February Intelligence report, the global phishing rate increased by 0.018 percentage points, taking the global average rate to one in 466.3 emails (0.214%) since January 2013. In the month of January, the number of phishing URLs associated to Indian brands accounted for 0.15% of the global phishing statistics.
Phishing refers to acquiring of sensitive financial and personal information about a person, through the internet, for use in fraudulent activities. This may either be done through means like e-mails from companies 'appearing to be genuine', asking for bank-related or credit-card related information. Also, phishers may also create fake websites, cloning genuine ones to steal personal information.
According to Symantec research, education, which was at the top of the most targeted websites in 2011, fell to second place in 2012. Indian states where phishing sites on education were most prevalent were Rajasthan, Andhra Pradesh, Delhi, Maharashtra, and Punjab.
"This implies a new wave of phishing attacks among various organisations as the cyber criminals become highly sophisticated and targeted. Phishers continue to pursue Indian sites across many disciplines to host their phishing pages," said the Symantec research.
The most targeted Indian sites were classified in various categories, IT (14.4%), Education (11.9%), Product Sales and Services (9.8%), industrial and manufacturing (7.3%), and Tourism, Travels and Transport (5.80%).
The research said that the figures for secure websites such as government and telecommunication were low and at the bottom of the list, offering evidence that phishers opt to target more vulnerable websites.
Best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages
- Do not provide any personal information when answering an email
- Do not enter personal information in a pop-up page or screen
- Ensure that the website is encrypted with an SSL certificate by locking for the padlock, 'https', or the green address bar when entering personal or financial information
- Update your security software, frequently, which protects you from online phishing
