Mr. Saibal Banerjee (name changed), a resident of the Salt Lake area, works with a reputed private sector manufacturing company. His son Alok is pursuing an engineering degree at a private engineering college in Bangalore. Mrs. Banerjee teaches English to class VII & VIII students in a local English medium school.
The Banerjee family banks with a leading private sector bank in the country. They use the bank's ATM and net-banking facilities for regular banking as well as for buying rail tickets & paying the monthly bills for their telephone connections.
Mr. Banerjee has a desktop computer at home with a broadband internet connection, which helps him keep in touch with his son in Bangalore through email and online messenger. It is a branded PC loaded with an original Windows operating system; with his son's help he has installed a pirated copy of Microsoft Office, and the antivirus software that came bundled with the PC expired 6 months back. He also uses his internet connection to access his bank account online.
One evening he received an email from his bank. The text of the email is given below. (I have used the name ABC Bank for the purposes of this case.)
From: customercare@abcbank.com
Subject: Important Fraud Alert from ABC-Bank
Body: Dear ABC - Bank Account Holder,
On January 10th 2008 ABC Bank had to block some accounts in our system connected with money laundering, credit card fraud, terrorism and check fraud activity. The information in regards to those accounts has been passed to our correspondent banks, local, federal and international authorities.
Due to our extensive database operations some accounts may have been changed. We are asking our customers to check their checking and savings accounts if they are active or if their current balance is correct.
ABC-Bank notifies all it's customers in cases of high fraud or criminal activity and asks you to check your account's balances. If you suspect or have found any fraud activity on your account please let us know by logging in at the link below.
The email then contains a button that reads "Click Here to Login". Clicking the button appears to take the recipient to the web address www.abcbank.com, but the page is instead a criminal North Korean site.
After 3 days, when Mr. Banerjee checked the balance of his bank account, he was horrified: the money he had kept for his son's annual college fee was all gone. The balance of the account was merely Rs. 1200/-. He could see two separate money transfer transactions amounting to Rs. 92,000/- from his account. He couldn't recall making any such transaction. The same day he contacted the bank authority & was told that he was one more victim of the growing cyber crime called phishing.
With the help of the bank authority he lodged an FIR at the local police station. The police soon swung into action & arrested one person named Chattaraj from Siliguri town, into whose account the money had been transferred.
Chattaraj's story: Last October he was approached over the phone by one Mr. Parekh from Rajasthan. Mr. Parekh had his business in Rajasthan & Gujarat and was looking to tap the growing North-East market, so he was looking for business associates in Siliguri. Mr. Parekh had already done his own investigation & was impressed with Chattaraj's business operation & moreover his goodwill in the market. Parekh proposed that Chattaraj share his bank account details with him so he could pass them on to all his customers & associates in the North-East. Chattaraj's business responsibility was quite simple: customers would deposit money in the said account every week, and he had to withdraw 90% of it in cash & deposit it in another Pvt. bank, whose account details were provided. For doing this oversimplified job Chattaraj got 10% of the money transacted. He was very happy. He never met Parekh in person.
During the investigation the police found that the personal details given by Parekh were fake. The bank account to which the money was transferred had been opened with fake information & a fake address. All the money had been withdrawn, except some Rs. 10000/- that was left in the account.
Status: Investigation is on
Phishing: inside
In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail, and it often directs users to enter details at a website. Phishing can also be used against senior executives, colleagues or classmates to collect their user ID & password for any web site (mainly email sites).
Fake email: Today, with the growing usage of the internet, it's very easy to send a fake email. One need not know the password of an account to send an email that appears to come from it. (The header of the email will reveal that it was not sent from that account & is a fake.)
Web site: With thousands of free hosting sites available it will take less than 5 minutes to host a web page which will be 100% similar to the original site.
Hyperlink: The fake email will ask to click on the below web link to go to the bank site. Ex. http://www.abcbank.com/secure/personal/banking%%/Customer#?
but in reality it will link to http://219.13.12.13/customer/secure/login.php (fake destination created by the con guy)
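The mismatch between the link a reader sees and the link they actually follow can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML email body and flags links whose real destination is a bare IP address, lies outside the bank's domain, or differs from the URL shown as link text. The function names and the `expected_domain` parameter are assumptions made for illustration; the sample is constructed from the two URLs quoted above.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL (scheme optional), lower-cased; '' if none."""
    try:
        return urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:
        return ""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html, expected_domain):
    """Return [(text, href, flags)] per link; empty flags means nothing odd."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        host, flags = host_of(href), []
        if is_ip(host):
            flags.append("ip-literal-host")
        if host != expected_domain and not host.endswith("." + expected_domain):
            flags.append("outside-expected-domain")
        # Only compare hosts when the visible text itself looks like a URL.
        looks_like_url = "." in text and not any(c.isspace() for c in text)
        if looks_like_url and host_of(text) != host:
            flags.append("text-shows-different-host")
        report.append((text, href, flags))
    return report

# Constructed sample built from the two URLs quoted above.
SAMPLE = ('<a href="http://219.13.12.13/customer/secure/login.php">'
          'http://www.abcbank.com/secure/personal/banking%%/Customer#?</a> '
          '<a href="https://www.abcbank.com/help">Help</a>')
```

A button such as "Click Here to Login" shows no URL at all, so only the first two flags can catch it; that is why the check against the expected domain is kept separate from the text comparison.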
Prevention:
# Check the email header for authenticity
# Never click on a hyperlink to go to any site, type the URL address of your own in the address bar.
# Use proper spam filter for your email account
# Use up-to-date antivirus (Phishing filter for the website you visit)
# Alert the bank about any discrepancy
# Proper awareness for banking customers by the bank
# Checking of website content by law enforcement or regulating authority.
# Control on website hosting