[Sunday observer EXTRA]
Beware!
Phishers can swindle you:
By Manjula FERNANDO
On a Monday afternoon Sumith Perera received an e-mail from his bank
informing him that he needs to update the security details on the
e-banking website.

A ‘website link’ was provided on the e-mail that he received, along
with instructions to ‘click on the link’ to access the e-banking
website.

The wording and style of the particular mail was identical to e-mails
he had received from the bank before. There was nothing suspicious about
the mail. So, with the intention of securing his account from Internet
criminals, he clicked on the link to update his security settings.
When he did so, the customary e-banking login page appeared on the
screen. He entered his e-banking user-name and password and clicked the
submit button. Nothing happened, and the same page remained on the
screen.
Thinking that he must have made a mistake, Sumith typed the user-name
and the password once again, only to see the same thing happen.
Thinking it was an error in the e-banking system he went about doing
his other work, completely forgetting about the e-mail received from the
bank. What he didn’t realize at the time was that he had just been ‘phished’.
The attacker had hosted a login page similar to the bank’s actual
login page and placed it on a hacked web server.
“When people enter their e-banking user-name and password, the
attacker gets a copy, then he can login to the real e-banking site as
that user and transfer funds,” Janantha Marasinghe, a Systems Security
Specialist with TechCERT, a division of LK Domain Registry, told the
Sunday Observer.
Stealing sensitive information by posing as a trustworthy source via
the Internet is becoming an alarming trend in Sri Lanka.

What is phishing?
It is the malicious practice of sending e-mails to people, pretending
to be from legitimate companies, in order to get individuals to reveal
personal information, such as log-in credentials, credit-card numbers,
etc.

New patterns to phishing
In traditional phishing, attackers send out the phishing e-mail to a
large number of people. But now the attackers are targeting high-value
individuals such as top-level company and government officials. After
the emergence of social networking it has become easier to find
information about individuals and their associates. Attackers use this
information to their advantage to customize the e-mail message so that
the victim will see it as coming from a person he/she knows.

Detecting phishing in your inbox
1. If the e-mail body states that you have to do some action and it
requires you to login (e.g. an attacker could send an e-mail pretending
to be from a bank), be cautious.
2. Never trust links in an e-mail.
3. Do not open attachments from unknown e-mail addresses. Be cautious
when opening attachments even from known e-mail contacts. Use an
up-to-date anti-virus scanner.
4. You shouldn’t give out personal information as a reply to an e-mail
(e.g. this could be, but is not limited to, date of birth, NIC no,
credit card number, address etc).
5. Always take a good look at the URL. Attackers may use a technique
called typosquatting so the phishing site may go unnoticed (e.g.
www.mybank.com may be used by the attacker like www.mybannk.com;
notice the extra “n”).
6. Always type the web address on the browser rather than clicking the
link contained in an e-mail message.
7. Never call any phone number stated in suspicious e-mails (e.g. the
attacker could send an e-mail as sent from a bank and have the
attacker’s contact number on it).
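
The check in tip 5 can be automated for the links in a message. The sketch below is an added example, not code from the article or from TechCERT: it flags any link whose host is within a couple of character edits of a host you trust. The trusted-host list, the sample message and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hosts the reader really banks with. www.mybank.com is the
# article's own example name; a real list would hold the bank's actual hosts.
TRUSTED_HOSTS = {"www.mybank.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, nearest_trusted_host) for one URL.

    verdict is 'trusted' (exact host match), 'lookalike' (within max_distance
    edits of a trusted host, e.g. one extra letter) or 'unknown'.
    """
    # urlsplit drops any "user@" prefix, so a trusted name placed before an
    # "@" is not mistaken for the host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in trusted:
        return ("trusted", host)
    nearest = min(trusted, key=lambda t: edit_distance(host, t), default=None)
    if host and nearest and edit_distance(host, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)

def scan_message(body, trusted=TRUSTED_HOSTS):
    """List (url, verdict, nearest) for every http(s) link that is not trusted."""
    results = []
    for url in URL_RE.findall(body):
        verdict, nearest = classify_link(url, trusted)
        if verdict != "trusted":
            results.append((url, verdict, nearest))
    return results

# Constructed sample message, modelled on the e-mail described in the article.
SAMPLE_BODY = (
    "Dear customer, please update your security details at "
    "http://www.mybannk.com/login today. Our site: https://www.mybank.com/"
)

if __name__ == "__main__":
    for row in scan_message(SAMPLE_BODY):
        print(row)
```

An 'unknown' verdict only means the host is not close to a trusted one; it is not a statement that the link is safe.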

When you detect phishing
1. Do not give out any details to the phishing website.
2. Notify the organisation in question regarding the phishing e-mail.
3. Notify Computer Emergency Response Teams such as TechCERT.
4. Create awareness among your family and friends regarding this
phishing e-mail.

If you have given out personal or sensitive information
1. Change security settings such as passwords and security questions on
all your online accounts.
2. Notify the organisation in question regarding the phishing e-mail.
3. Notify Computer Emergency Response Team such as TechCERT.

TechCERT has researched and developed an early detection system to
locate phishing sites. It is currently being piloted with a financial
institution in Sri Lanka. The early detection service is due to be
launched in one month’s time. TechCERT is a research partner for the
Anti-Phishing Working Group (APWG), the world’s leading body to handle
phishing related incidents.

These internet criminals intend to rob you of your virtual identity
and gain access to the sites you interact with. It could be your bank or
your office, especially if you are working for a defence related
establishment or a private company whose internal data and information
is of paramount importance to your rival. These attackers are sometimes
paid to do their jobs and their target is to pilfer confidential
financial information and classified security data etc. for their
clients. Sometimes the attackers themselves want to steal your
user-names and passwords to gain access to your bank account and rob
your money. The number of victims who fall prey to phishing in Sri Lanka
is on the rise.
Thus it is of paramount importance that Internet users are made aware
of this threat and how to be better prepared to identify phishing mail
and not fall prey. Marasinghe said millions of rupees have already been
lost due to phishing in Sri Lanka and TechCERT has received over 15
major complaints of phishing in the past six months alone.

Soon after Sumith Perera’s mishap another e-banking customer who is
IT savvy detected the fake URL in the phishing e-mail and informed the
bank. The bank in turn contacted the TechCERT hot-line for assistance.
TechCERT, a unit manned by IT experts of the Moratuwa University,
provides computer emergency response services to the public and private
sector institutions in Sri Lanka. TechCERT has collaborative
partnerships with several national and global information security
organisations that provide the latest data on computer and network
security threats and vulnerabilities.
Meanwhile, the bank’s IT security team took immediate steps to block
all transactions to third-party destinations and started monitoring the
transaction activity.
“The URLs sent by the attackers are slightly different to the actual
URLs but barely detectable to a novice. Hence it is best not to use a
link in a mail to log into your bank accounts or any other service. If
you receive a mail concerning sensitive information from your bank, etc
it is best to call the bank and cross check before acting on the
e-mail,” Marasinghe warns.
He advises that it is best to use your own link to log into your bank
account rather than follow the easy way of clicking on the link in a
mail. According to him, receiving a phishing mail from an attacker is
no longer a remote possibility in Sri Lanka.
The incident response team at TechCERT managed to trace the source of
the phishing e-mail received by Sumith Perera and the other customer and
identify that it was sent via an open mail relay (anyone can send
e-mails using this server).
“TechCERT immediately got to work and took down the phishing
website.”
Following the detection, the bank’s IT security team blocked several
fraudulent money transferring attempts. But despite the early discovery,
one transaction had already taken place and that money could not be
recovered.
“This is one of the many real phishing incidents that happened in Sri
Lankan Cyberspace lately. The aggregate losses amounted to millions of
rupees.”
In co-ordination with the foreign web hosting provider and the domain
registry, the particular website was found to have been hosted in
another country.
Marasinghe said, “Many of the ‘phishers’ that we have come across so
far were from foreign destinations. They could well be Sri Lankan
expatriates.” Once the source is uncovered the TechCERT team hands over
the case to the police or the CID. They have come across similar
phishing attacks on local as well as established international banks
operating in the country.
The early detection of such phishing sites is vital to protect
finances and valuable data of the masses who make use of online
services. Hence, awareness is of paramount importance, say the experts
who work with units like TechCERT day and night to ensure that Sri
Lankan cyberspace is devoid of criminals and stalkers.