Phishing Scams

Transcript

1. Rajiv Manivannan

2. What is Phishing Phishing is the fraudulent attempt to obtain

   sensitive information including user data, login credentials, credit card details through electronic communication.

3. How? • Attacker send an email that appears to be

   from a legitimate company and ask to provide sensitive information. • Contact through phone call by mimicking the know entity. For example, I am your virtual relationship manager calling from you bank your credit card is block. Kindly share your CCV number and received OTP to activate it. • Using a Phishing kit - It’s a web component. Attackers replicated a known brand or organisation’s legitimate website. Those url will be sent to target by email or other medium. Crowd-sourced lists of known phishing kits https://openphish.com www.phishtank.com

4. Phishing Technique Spear Phishing - attacks directed at specific individuals

   or companies. Whaling - attacks directed specifically at senior executives and other high-profile targets. Vishing - contact target by telephone mimics known entities to steal sensitive information. …

5. Punishment Punishment is upto 2 years jail term / fine

   amount / both Such fraudulent are punishable under Indian Penal Code, 1860 (IPC) It’s often invoked along with the Information Technology Act, 2000.

6. Why it continues to happen • It’s very hard to

   trace the identity of Phishing scammer. • There is a legal principle “Bail is rule and jail is an exception”. • Whoever committed this offence they can easily come out in bail and engage in committing the crime again.

7. How you can prevent

8. Verify the URL

9. Pay attention to the SSL and browser warnings As per

   Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection

10. Pay attention to the spam filter warning

11. Sender Policy Framework (SPF)* Sender Policy Framework (SPF) record- is

    a type of Domain Name Service (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of your domain. * For Organization

12. DomainKeys Identified Mail (DKIM)* DomainKeys Identified Mail (DKIM)- Organisation take

    responsibility for a message that is in transit. The organisation is a handler of the message, either as its originator or as an intermediary. * For Organization

13. Cure • Change all your passwords. • For banking related

    frauds Immediately approach your bank give a formal complaint with whatever proof you have. • Report the phishing website url here https:// safebrowsing.google.com

14. If the transaction happens without user’s Intervention In 2017, RBI

    sent a circular to all the banks if such fraudulent are reported the bank has to take resolution with in 3 days and revert back the money to customer. Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

15. If the transaction happens by deceiving the user • If

    the action is taken by the bank and phisher’s account is freeze by the bank you can approach the court with proper documents and get direction to get your money back. • If the phisher withdraw the money and gone untraceable, bank have option to claim from their insurance and credit to the customer account.

16. Thank You !