• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Bharat Kumar

Chennai , Nov. 15

CHANDRAMOHAN'S office is located in a safe place. It's near the busy, well-lit Anna Nagar Round Tana in Chennai. Not exactly an area where Chandramohan T, director, BharatPlanet Consulting, a small IT software outfit, would expect to be mugged and robbed of his cash and credit cards. But go up his building, into his room and log onto the Net. And there, he says, you'd feel terribly vulnerable. Here's why:

As you type your favourite Web site's address, trying putting in a few characters and a `@' sign before the address. Type out whatever you want - it could even look like the set of abusive characters that you come across in Asterix comics.

And guess what? Once you hit the `enter' key, it would still lead you to your favourite page. So, type in `http://sr2345234fdg&(**&6@www.google.com', and you would land at www.google.com

Why is this significant? Because, fraudsters use this to tempt you into parting with sensitive information. And while you do their bidding, you would think that you are on a secure, authentic Web site.

Chandramohan recently received a harmless sounding email. It claimed it was from Paypal Inc, which facilitates genuine online payments. It told him that one of his credit card accounts with PayPal had become restricted and that, to lift those restrictions, he had to go through a credit card verification process. For this, he had to click on a given URL (universal resource locator - which helps you access a particular Web page) and fill in all the sensitive, payment details required to process transactions.

He noticed that he received the communication in an email `id' that he had never given out. So he used a deciphering tool available free at www.samspade.org. The deciphered URL did have www.paypal.com as part of its address but also had a `@' sign and a site address `211.48.94.139:359/index.htm'. The last was the actual address of the Web site to which Chandramohan was directed when he did as the dubious email asked him to.

There, he found a professionally done up page asking for all details that he could possibly give about his credit card. The PayPal logo was also there on the Web site to make it look authentic. If he had fallen for this, the sender of the mail could have obtained all information necessary to impersonate Chandramohan on the Internet and use that credit card to make purchases.

You can't access that dubious site any more. Possibly, the concerned ISP (Internet Service Providers) has killed the page. But you can find a copy of it at http://www.fightidentitytheft.com/paypal_scam.html

But, even after all this, you cannot be sure if you have pinned the Web site down accurately. There is an unholy alliance between hackers and spammers, who send out emails en masse hoping to get returns on their unsolicited sales pitches.

Hackers, with their technical prowess, help spammers cloak their Web site's identity, so that every time you check (using tools such as `traceroute') for the ISP that hosts it, you come up with different identities proving that the trails have been faked.

Article E-Mail :: Comment :: Syndication

Stories in this Section
As smart as fraud can get

Copyright © 2003, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line