
Nov 15, 2006

Class Room

Security Alert: Phishing

Phishing is a recent form of cyber attack in which fraudsters induce internet users to divulge sensitive, confidential information relating to bank accounts. The technique uses email to "fish" the internet, hoping to "hook" users into supplying login IDs, passwords, PINs, credit card information and the like.

In a typical phishing attack, a user receives an email purporting to be sent by a financial institution. The email carries the spoofed image or logo of the financial institution (spoofing: creating a look-alike, shadow or mirror copy) and attempts to convince the user to part with personal and account details by directing him to visit a web link (hyperlink) given in the email message. When the user clicks the hyperlink, he is led to a fictitious web page that is a look-alike or exact replica of the financial institution's website but is hosted by the fraudsters. An unsuspecting user, unaware of the malicious activity, is asked to provide his personal and account details on the fraudulent website on the pretext of some exigency, such as updating the bank's database or cross-verification. The fraudsters then use the information for fraudulent transactions, causing huge financial losses to individuals and financial institutions.

Phishing attacks involve thousands of users. In a single phishing attack, a fraudulent email message is sent to thousands of users in the hope that at least a small percentage of them will respond. The trends show that, on average, 5-10% of users respond to such emails.

Successful phishing countermeasures involve educating users to be careful while handling emails, even when they appear to come from legitimate sources. What needs to be remembered is that banks will not ask customers for such sensitive information in the first instance, let alone through relatively unreliable channels such as the internet or email. A user therefore needs to pay close attention to the contents of any email that seeks personal information.

The basic approach for an effective anti-phishing effort includes detection, prevention and awareness. The phishing menace cannot be handled solely by end users, by financial institutions or by stringent industry standards; the solution lies in taking countermeasures at all levels. All users in the bank should exercise caution while disclosing personal information on the internet or by email.
