SEMINAR ON INFORMATION TECHNOLOGY ACTNarendra SinghInformation TechnologyRoll no. 029 (09EARIT032)
Phishing: A Simple way to make fool
What Is Phishing??? • It is the act of tricking someone into giving
confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).
• The word ‘Phishing’ initially emerged in 1990s. The early
hackers often use ‘ph’ to replace ‘f’ to produce new words in the hacker’s community, since they usually hack by phones.04/12/2023 2
How it works???• A message is sent from
the Phishers to the user.• A user provides
confidential information to a Phishing server.
• The Phishers obtains the confidential information from the server.
• The confidential information is used to impersonate the user.
• The Phishers obtains illicit monetary gain.
• Link Manipulation• Website Forgery• Spam• Key Logger• Session Hacking• Phishing through Search Engines• Phone Phishing
First Case Of Phishing in India
• Rs. 13 lakh imposed on ICICI Bank for phishing scam ICICI Bank has been fined with Rs. 12.85 lakh on account of a phishing fraud. This has been the first case filed under the Information Technology Act. Tamil Nadu IT secretary directed ICICI Bank to pay Rs 12.85 lakh to an Abu Dhabi-based NRI(Umashankar Sivasubramaniam) within 60 days for the loss suffered by him due to a phishing fraud.The petition was filed by Umashankar Sivasubramaniam, who had received a mail in September 2007 from the bank which asked him to provide his username and password or his account would be closed. After the reply to this mail he witnessed a transfer of Rs 6.46 lakh from his account to that of a company which withdrew Rs 4.6 lakh from an ICICI branch in Mumbai and retained the balance in its account. ICICI defends itself saying that it is the responsibility of the customer to be conscious while giving out any kind of personal information on the web. Internet banking needs to be done very carefully after full scrutiny by the customer. Internet banking is not a risky proposition if the customer is conscious enough.
Various Author Cases Of Phishing in India
Dec 2011, BANGALORE Six months ago, Asha , a consultant for NGOs, got a rude shock. Her husband received an e-mail from her, stating she was in a financial crisis and needed help. A bank account number was also provided. She couldn't log into either of her e-mail accounts. Her accounts had been hacked . By afternoon, the couple was flooded with calls of concern. Some persons even deposited money in the account number mentioned. This is the now-increasingly common modus operandi of cyber criminals.
To be continue…How accounts are hacked? First, the cyber criminals send a phishing mail that looks like an alert from the service provider. Once the account holder replies, the hacker gets all the details he needs to compromise the account and change the password.What they do after that?After the account is hacked, the phishers simply browse the contacts list and send a common mail. They either say they are stuck in a far-off place without cash or have plunged in a deep financial crisis. They seek assistance from the recipients. Though most persons call up and check, some in a hurry deposit cash in the account mentioned. This is withdrawn by the hacker
To be continue…How to retrieve the account? Most service providers ask for an alternative e-mail ID before opening an account. The account owner can log onto this, go to `abuse' and lodge a complaint about the hack. Account is usually restored within 24 hours.
What was the actions taken against them? They got punishment of 2year Jail under the act of IPC 420.
Google under Phishing Attack Recently, the users of the Google email services, “Gmail” purportedly received a legal notice from the Gmail team which wanted users to refurbish their account name, password, occupation, birth date and country of residence with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, the spokesperson of the Google denied any such legal notice coming from them and stated it to be a phishing attack designed to collect personal information, called ‘spoofing’ or ‘password phishing’.
Few Examples of Phishing Sites
Section 43• Penalty for damage to computer, computer system, etc.-
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,- accesses or secures access to such computer, computer system or computer network , downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.
• damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
Section 66a• Section 66A of the IT Act is a relevant section which
penalizes ‘sending false and offensive messages through communication services’.
• Explanation — For the purpose of this section, terms “electronic mail” and “electronic mail message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.
To be continue…• Any person who sends, by means of a computer
resource or a communication device :a) any information that is grossly offensive or has
menacing characterb) any information which he knows to be false, but
for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device
• Punishment - Imprisonment for a term which may extend to three years and with fine.
REASONS OF PHISHING
• Trust Of Authority• E-mail and webpages can look real• Use of the same top level domain• Use of the simplest and least confusing host name• Misleading e-mails• No check of source address• Non-availability of secure desktop tools• Lack of user awareness
Conclusion• We should use Security Implications both long and short
term.• Apply phishing filter in your browser setting.• Delete all emails and SMS from any stranger luring you
with billion dollar lottery prize, jobs in UK and huge wealth
• Delete all emails/SMS/Phone calls that ask for your personal information such as user name , passwords , Pin, credit codes.
• Delete all spam mail as they contain either virus or spyware enable spam filters in your mail boxes
• Self awareness is the biggest tool against any kind of cyber crime.
• Jaishankar, K. (2004). ―International perspectives on crime and justice‖ p. 541-556.
• Bocjj P. (2006). ―The dark side of the Internet: protecting yourself and your family from online criminals.‖ 2nd ed, green wood publishing group, pp. 159-161.