Friday, September 6, 2013

India in top 10 league for Spear Phishing

We discussed the aim of phishing and the modus operandi for achieving it. Spear phishing, likewise, is an attempt directed at specific individuals or companies to steal sensitive information, rather than targeting the community at large. The probability of success in this case is much higher. India is an up-and-coming country, with strong expansion across various verticals and a specialization in providing IT consulting services across the globe. A year ago, India did not figure in this league; now it holds a 3% share of hosted phishing sites. This is a small number, but it points to an alarming situation down the line. Today, the country has clearly established a footprint on the international cyber map by being in the list of the top 10 hosts of phishing sites globally.
The most targeted Indian sites fell into the following categories: information technology (14.40%), education (11.90%), product sales and services (9.80%), industrial and manufacturing (7.30%), and tourism, travel, and transport (5.80%).

The attack leaves a devastating footprint when it targets a specific customer-centric vertical. Privacy protection is a crucial element of today’s growing demand for e-services. One of the most glaring attacks was the recent purchase of more than 15,000 online tickets on Kingfisher Airlines by fraudsters who somehow got hold of the credit card information of several cardholders, many of them foreign nationals. While it is not clear where the fraud originated, some estimates peg the loss to the carrier at Rs 17 crore.

In fact, a major bank has been targeted and is now racing to take corrective actions, such as user awareness and establishing a monitoring mechanism to track and block the site at the service provider end. This is not simple, since the attack can originate from anywhere on the globe, under different "law of the land" rules.

Countermeasures to avoid phishing attacks:
  • Do not click on suspicious links in email messages. If in any doubt, perform the simple steps mentioned in my previous blog (such as checking the email address in the message header and the IP address) to identify whether it is a phishing mail.
  • Do not reveal sensitive information over a call.
  • Do not enter personal information in a pop-up page or screen.
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information.
  • Update your security software frequently; it protects you from online phishing.
  • Lastly, inform the respective organization about the phishing attempt to prevent it from being broadcast further.
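
The header check mentioned in the first countermeasure can be sketched as follows. This is an added example, not code from this post or the earlier blog it refers to; the sample message, its addresses and IPs, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains and IPs
# are reserved documentation values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org; Fri, 6 Sep 2013 10:00:02 +0530
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.example.org; Fri, 6 Sep 2013 10:00:01 +0530
From: "Example Bank Support" <support@examplebank.example>
Reply-To: verify@mailer.example.net
Subject: Verify your account
To: user@example.org

Please confirm your details.
"""

# An IPv4 address wrapped in () or [], as mail servers record it in Received.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def domain(addr):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def inspect_headers(raw):
    """Compare sender-related headers and pull the earliest relay IP."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for hdr in ("Return-Path", "Reply-To"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    # Each hop prepends its Received header, so the last one is the earliest.
    received = msg.get_all("Received") or []
    ips = IPV4.findall(received[-1]) if received else []
    return {"from_domain": from_dom,
            "origin_ip": ips[-1] if ips else None,
            "findings": findings}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE))
```

A mismatch is a reason to look closer, not proof of phishing, since legitimate bulk mailers also use separate bounce domains. Only Received lines added by your own mail servers can be trusted; earlier ones are under the sender's control.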
