India is progressing fast towards digitization and a cashless economy. Every person now owns a smartphone and is equipped with an internet connection. More and more people are indulging in online transactions and youngsters are hooked to online apps. There is a surge in the growth of e-commerce websites. They are catering to all our needs from food to clothing. It would not be wrong to say that a whole new digital infrastructure has been set up. The whole ‘technology’ thing has become an inseparable part of our lives. While we all are too busy in ushering to the benefits of the technology, we have overlooked its potential threats. Yes, with the increase in the use of technology, the risk of cyber fraud has also gone up. We all are exposed to cyber fraud-related risks like never before. While there is a range of cyber threats, phishing has come out to be one of the most devious threats.
The Oxford Dictionary defines “Phishing” as: “The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal information, such as passwords and credit card numbers online”. It is basically tricking people to reveal sensitive information about them over the internet. A typical phishing attack involves the following stages:
- It starts by sending a large number of spoofed emails to random internet users.
- The mails seem to be from a legitimate source urges users to perform some action.
- As the users click on the link provided in the email, they are directed to a clone website created by the phishing attackers.
- Now, the users are tricked to reveal sensitive information about them. This information can easily be accessed by the attacker to be exploited in the future.
There has been a steady increase in Phishing scams all over the world. The situation is no different in India. The trend of going digital has made it quite attractive to phishers. It ranks among the top five nations targeted by phishing. Not just a favorite of phishing attackers, but India is also a top phishing hosting country as well. A recent report of an IT security firm Sophos says that every one in two organizations in India has been hit by phishing emails. This speaks volumes of the growing threat of phishing into our digital infrastructure.
Financial institutions are always the main targets of phishers in India. Incidents of phishing attempts have been reported from ICICI Bank, UTI Bank, HDFC Bank and State Bank of India. The modus operandi of attack was similar in all these cases. The customer received legitimate seeming emails with fraudulent links which tricked them to divulge important information. This information was later used for various illegal transactions. Air India, the only government-owned airline of India also became a prey to a sophisticated phishing scam in 2017. The attack was carried out by Nigerian hackers and Air India lost $ 300,000 to them. These are examples of some major incidents. However, there are several small incidents of phishing that take place every day around the various parts of the country. From top officials to common people, no one has been spared from the phishing attackers. This also speaks about the lack of awareness of cybersecurity in India. People are neither aware of the possible cyber threats, nor do they know about the policies and procedures to be followed in case of a possible attack. However, it would be incorrect to say that only a lack of awareness is responsible for the growing phishing scams in India. The people who are aware of phishing are also being attacked by means of advanced phishing techniques like URL obfuscation.
Thus, we can see how phishing is a major concern in the contemporary digital environment of India. The major reason behind all the phishing scams is the lack of awareness among the users, who are relatively new to the internet realm. Measures should be taken to spread awareness and educate customers about the menace of phishing and use of anti-phishing techniques. They must be taught to stay vigilant and should avoid following any links blindly. Secondly, the businesses that are continuously onto the radar of phishing attackers, need to actively research and adopt the best security protocols and procedures of the industry. They should continuously strive to find the security gaps in their system and how to bridge them because it is better to stay safe than be sorry.
To conclude, customers and organizations need to stay aware and equip themselves with the latest technology in anti-phishing techniques. Proper monitoring, analysis, detection, and a little proactiveness can go a long way in safeguarding against phishing scams.