Financial Daily from THE HINDU group of publications Monday, Feb 13, 2006
A watch on 'phishing'
Raja Simhan
Geoff Haggart
SOFTWARE professional Raghavan got an e-mail from Red Cross seeking contributions to help people affected by hurricane Katrina. He promptly used his credit card on the Internet to donate money. It was only when the credit card bill arrived that he realised that the money did not land with Red Cross but a fraudulent someone else. Shocked, he alerted his bankers to stop all credit card transactions.

Raghavan, based in New Jersey, was completely deceived by one form of a 'phishing' attack on the Internet. This is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.

This is how the cheating is done: A spoofed e-mail written in HTML passes itself off as something that has come from the Red Cross. The e-mail also has a Verisign 'Secure Site' Logo on it in an attempt to dupe the end-user into believing that it is legitimate. Upon connecting to the link provided in the e-mail, the user is directed to a fraudulent Web site, which could be hosted in Brazil, China or India. The user's credit card, expiry date, and PIN are requested through an online form. Once the details are entered, the user is redirected to the real Red Cross Web site.

September witnessed several new phishing attacks, which abused people's willingness to assist during times of disaster. There were several attacks against a variety of targets and subject matters, including the Red Cross, The Salvation Army, Hurricane Katrina Donations, and Hurricane Rita Donations, says a report by Websense, a US-based provider of employee Internet management solutions.

Phishing is the most dangerous form of Internet threat. It is not confined to the US but affects the entire world, says Geoff Haggart, Vice-President, EMEA, APAC & Japan, Websense. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond.
Technical trick schemes plant crimeware onto people's computers to steal credentials directly, often using key logging systems to intercept consumers' online account user names and passwords, he says.

Websense Security Labs also observed a change in the technique used in phishing attacks that target users of Yahoo! Phishing attacks that attempt to capture a user's Yahoo! ID and password by displaying a fake Yahoo! Sign In page have been around for some time. Recently, though, these phishing sites have begun using alternative Yahoo! Sign In pages, such as Yahoo! Photos.

In the Yahoo! Photos example, users receive an e-mail or instant message that claims to be from a friend wanting to show off photos of a recent event, such as a vacation or a birthday party. The message contains a link to a phishing site, which records the user's Yahoo! ID and password, and then forwards the Yahoo! ID and password on to the real Yahoo! Photos site. Most of these phishing sites are hosted in the US on the free Web space provided by the Yahoo! Geocities service.

So far, the US has been worst hit by phishing. But the menace is spreading across the globe and India is a likely target too. The Websense report says financial services continue to be the most targeted industry sector with 81.2 per cent of all attacks. There was a dramatic increase in the number of Internet Service Providers (ISPs) being 'phished' in September 2005. There was also a rash of phishing scams using the brand of disaster relief agencies, including the Red Cross.

It is estimated that between May 2004 and May 2005, nearly 1.2 million computer users in the US suffered losses caused by phishing, totalling $929 million. American businesses lose an estimated $2 billion a year as their clients become victims. The UK has also been hit. In March 2005, the amount of money lost in the UK was about £12 million, according to information available on the Internet. There are thousands of phishing attacks every week.
The Internet can be used for scary things, and as a platform for crime, distortion and stealing money. "The Net is a dangerous place," says Haggart. Websense, listed on the Nasdaq and with hundreds of clients globally, scans about 450 million Web sites a week.

Websense says it enhances security, improves employee productivity, reduces legal liability, and optimises the use of IT resources by protecting the corporate computing environment from malicious mobile code and Web-based threats, both on the network and the desktop. It also blocks spyware from entering a company's network. Further, it keeps already installed spyware from distributing confidential data and prevents employees from being compromised by phishing scams. For instance, if a spoofed e-mail is received, the Websense software intercepts it and identifies it.
India likely target
With so many software companies, a greater awareness needs to be created in India about phishing attacks, stresses Haggart. India could be a future destination for hosting phishing Web sites. The US remains on top of the list followed by China, Republic of Korea, Germany, Canada, Japan, France, Poland, Brazil and Romania. Some of the phishing activity could be 'outsourced' from the country, warns Haggart.
Copyright © 2006, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line