Subros
Legal
Connect DECEMBER 2015
Subros and Associates Solicitors and Advocates
CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law
CYBER
Subros
DON’T LOGIN LINKS
IN EMAILS !
Or go toOr go toOr go toOr go to
www.iamstupid.comwww.iamstupid.comwww.iamstupid.comwww.iamstupid.com
CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law
CYBER
Subros
In association withIn association withIn association withIn association with CyberCyberCyberCyber@LegisLegisLegisLegis
Fighting Cyber FraudFighting Cyber FraudFighting Cyber FraudFighting Cyber Fraud
CYBER
Subros
Your Date of Birth, Adhaar Number, Bank Account
number, Credit card number, you wouldn’t give it to
me if I asked…..but you would happily if the same
pops up in your email….
Welcome to the big bad world of PHISHING.
Its where my cyber crook friends, dine, wine and
make merry…. All at your expense.
“Phishing is the attempt to acquire sensitive
information such as usernames, passwords,
and credit card details (and sometimes,
indirectly, money), often for malicious
Subros
reasons, by masquerading as a trustworthy
entity in an electronic communication.”
EmailEmailEmailEmail has for long been the favourite “phishing”
ground , for the process has been painstakingly
simple and outrightly effective.
All they do is to call upon our basic human instincts.
Be it a free stuff (an iPhone may be), or a warning
(your bank just shot an email about a transaction you
havn’t done), or a scare (like an invoice for an iTunes
purchase you know you didn’t make).
Subros
There is always that urgency involved calling upon
you to take action right away…
You open an email or text, and see a
message like this:
"We suspect an unauthorized transaction on
your account. To ensure that your account is
not compromised, please click the link below
and confirm your identity."
"During our regular verification of accounts,
we couldn't verify your information. Please
Subros
click here to update and verify your
information."
“Our records indicate that your account was
overcharged. You must call us within 7 days
to receive your refund.”
“ Your account shall be closed or the bank
shall take other action if you don’t respond.
The senders are phishing for your information
so they can use it to commit fraud.
And presto there’s an inviting clickable link for the
purpose, to take you to a signup page (to register for
the iPhone), or a login screen (for internet banking),
or an account summary page (to contest the
fraudulent purchase).
Subros
And the dumb man that I am, totally inarticulate in the
way the world wide web works (www.iamstupid.com)
I fill in my personal details, my password, my bank
account number, my credit card number, my PAN ,
my Adhaar and so on, and click
[Submit]
…… all because that iPhone 6s is got to be mine….
It’s the oldest trick of the trade, not ingenious but
effective….
Subros
Crime pays…. Who said it doesn’t…..poof ….my
account is hacked, my bank account got wacked, my
credit card got swiped and a whole lot of my friends
received emails that I needed money as I was
travelling and had lost my belongings and the good
Samaritans that they are ( don’t I always choose my
friends wisely, as I come to know later), had bank
transferred royal sums to a bank account which I
didn’t own….
The crooks had done their homework. The web form
that appeared looked “the original”- a replica of my
Subros
bank account complete with layout and logos and
straight from my bank, or from iTunes, or wherever.
Only then did I find out that I had just submitted all
that I owned ( my id, my password, my account
details etc.) to a bunch of crooks instead of to the real
site. Its my money which I won’t ever get back.
Check it out Check it out Check it out Check it out ---- is my advice: The web has no friendsis my advice: The web has no friendsis my advice: The web has no friendsis my advice: The web has no friends.
Subros
Have you checked on
- the website name in the address bar. It will be
wrong, eg it wont have the name of your
bank.
- or the web page will be unencrypted (no
padlock – I call it the closed lock without a
key)
- It wont start with https: (meaning an
unsecured site)
- Is it asking for personal information that you
won’t even give me…. Your best friend
Subros
Don't email personal or financial information. Email is
not a secure method of transmitting personal
information. Only provide personal or financial
information through an organization's website if you
typed in the web address yourself and you see
signals that the site is secure, like a URL that
begins https (the "s" stands for secure).
Unfortunately, no indicator is foolproof; some
phishers have forged even security icons.
And remember the Reserve Bank or Your Bank never
asks for your personal information online.
Subros
But here’s an even easier way to protect yourself:
DON’T CLICK LOGIN LINKS IN
EMAILS IN THE FIRST PLACE!
Well if you have already done that….. Visit me at
WWW.IAMSTUPID.COM..... This site is still up for
sale.
Subros
About the author
SANDEEP SURI
is a practicing Lawyer, Electronics Engineer
Chevening Scholar and Editor - Punjab Law Reporter
CYBER
Subros
CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law Firm
158 Sector 33A / Chandigarh / India / 160020
(0172)- 2621158, +91 9463598502
Subros and Associates Solicitors and Advocates
232 Sector 19A / Chandigarh / India / 160019
(0172)- 2775288, +91 9216884502
INSURANCE BANKING CYBER CONSUMER COMPANY