Sunday Observer Online

Sunday, 17 July 2011


Beware!

Phishers can swindle you:

On a Monday afternoon Sumith Perera received an e-mail from his bank informing him that he needed to update the security details on the e-banking website.


Janantha Marasinghe

A ‘website link’ was provided on the e-mail that he received, along with instructions to ‘click on the link’ to access the e-banking website.

The wording and style of the particular mail was identical to e-mails he had received from the bank before. There was nothing suspicious about the mail. So, with the intention of securing his account from Internet criminals, he clicked on the link to update his security settings.

When he did so, the customary e-banking login page appeared on the screen. He entered his e-banking user-name and password and clicked the submit button. Nothing happened; the same page was displayed again.

Thinking that he must have made a mistake, Sumith typed the user-name and password once again, only to see the same thing happen.

Thinking it was an error in the e-banking system, he went about doing his other work, completely forgetting about the e-mail received from the bank. What he didn’t realize at the time was that he had just been ‘phished’.

The attacker had hosted a login page similar to the bank’s actual login page and placed it in a hacked web server.

“When people enter their e-banking user-name and password, the attacker gets a copy, then he can login to the real e-banking site as that user and transfer funds,” Janantha Marasinghe, a Systems Security Specialist with TechCERT, a division of LK Domain Registry, told the Sunday Observer.

Stealing sensitive information while posing as a trustworthy source via the Internet is becoming an alarming trend in Sri Lanka.

What is phishing?
It is a malicious attempt to send e-mails to people while pretending to be from legitimate companies, in order to get individuals to reveal personal information such as log-in credentials, credit-card numbers, etc.

New patterns to phishing

In traditional phishing, attackers send out the phishing e-mail to a large number of people. But now the attackers are targeting high-value individuals such as top-level company and government officials. Since the emergence of social networking it has become easier to find information about individuals and their associates. Attackers use this information to their advantage to customize the e-mail message so that the victim sees it as coming from a person he or she knows.

Detecting phishing in your inbox

1. If the e-mail body states that you have to take some action that requires you to log in (e.g. an attacker could send an e-mail pretending to be from a bank), be cautious.

2. Never trust links in an e-mail.

3. Do not open attachments from unknown e-mail addresses. Be cautious when opening attachments even from known e-mail contacts; use an up-to-date anti-virus scanner.

4. You shouldn’t give out personal information as a reply to an e-mail (this includes, but is not limited to, date of birth, NIC number, credit card number, address, etc.).

5. Always take a good look at the URL. Attackers may use a technique called typosquatting so that the phishing site goes unnoticed (e.g. in place of www.mybank.com the attacker may use www.mybannk.com; notice the extra “n”).

6. Always type the web address into the browser rather than clicking the link contained in an e-mail message.

7. Never call any phone number stated in suspicious e-mails (e.g. the attacker could send an e-mail that appears to come from a bank but carries the attacker’s own contact number).
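The URL checks in points 5 and 6 can be automated. The Python script below is an added example, not code from the article or from TechCERT. It runs over a constructed HTML e-mail of the kind Sumith received: it pulls out every link, compares the domain shown in the link text with the domain the link really points to, measures how far the target domain is from a trusted bank domain to catch look-alikes such as the extra-“n” example, and notes login pages served over plain HTTP. The names www.mybank.com and www.mybannk.com are the article’s hypothetical ones; the allow-list, the sample message and the edit-distance threshold are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hypothetical domains from the article): the
# visible link text shows the real bank's address while the href points at a
# look-alike domain with an extra "n".
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your security details must be updated today.</p>
<p><a href="http://www.mybannk.com/login">www.mybank.com</a></p>
<p>Or call 011-000-0000 for assistance.</p>
"""

# Assumed allow-list: the domains the reader actually banks with.
TRUSTED_DOMAINS = {"mybank.com"}


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' domain (no public-suffix list); enough for a demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a, b):
    """Edit distance; a small distance to a trusted domain suggests a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_links(html, trusted=TRUSTED_DOMAINS):
    """Return a list of (href, reasons) for every link that looks suspicious."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        parsed = urlparse(href)
        host = parsed.hostname or ""
        domain = registrable_domain(host)
        # Check 1: the link text names one host but the href goes elsewhere.
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
        if shown and registrable_domain(shown.group(0)) != domain:
            reasons.append(f"link text shows {shown.group(0)} but points to {host}")
        # Check 2: near miss (1-2 edits) of a trusted domain, but not the domain itself.
        for t in trusted:
            d = levenshtein(domain, t)
            if 0 < d <= 2:
                reasons.append(f"{domain} is {d} edit(s) away from trusted {t}")
        # Check 3: a login page that is not even served over HTTPS.
        if parsed.scheme == "http" and "login" in parsed.path.lower():
            reasons.append("login page served over plain http")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyse_links(SAMPLE_EMAIL_HTML):
        print(href)
        for r in reasons:
            print("  -", r)
```

The edit-distance threshold of 2 is deliberately tight: wider thresholds start matching unrelated short domains. An exact match with a trusted domain is not flagged, so the same script passes a genuine bank link cleanly; a proper deployment would replace `registrable_domain` with a public-suffix-list lookup.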

When you detect phishing

1. Do not give out any details to the phishing website.

2. Notify the organisation in question regarding the phishing e-mail.

3. Notify Computer Emergency Response Teams such as TechCERT.

4. Create awareness among your family and friends regarding this phishing e-mail.

If you have given out personal or sensitive information

1. Change security settings such as passwords and security questions on all your online accounts.

2. Notify the organisation in question regarding the phishing e-mail.

3. Notify a Computer Emergency Response Team such as TechCERT.

TechCERT has researched and developed an early detection system to locate phishing sites. It is currently being piloted with a financial institution in Sri Lanka. The early detection service is due to be launched in one month’s time. TechCERT is a research partner for the Anti Phishing Working Group (APWG), the world’s leading body to handle phishing related incidents.

These Internet criminals intend to rob you of your virtual identity and gain access to the sites you interact with: your bank, or your office, especially if you work for a defence-related establishment or a private company whose internal data is of paramount importance to a rival. These attackers are sometimes paid to do their jobs, and their target is to pilfer confidential financial information, classified security data, etc. for their clients. Sometimes the attackers themselves want to steal your user-names and passwords to gain access to your bank account and rob your money. The number of victims who fall prey to phishing in Sri Lanka is on the rise.

Thus it is of paramount importance that Internet users are made aware of this threat and how to be better prepared to identify phishing mail and not fall prey. Marasinghe said millions of rupees have already been lost due to phishing in Sri Lanka and TechCERT has received over 15 major complaints of phishing in the past six months alone.

Soon after Sumith Perera’s mishap another e-banking customer who is IT savvy detected the fake URL in the phishing e-mail and informed the bank. The bank in turn contacted the TechCERT hot-line for assistance.

TechCERT, a unit manned by IT experts of the Moratuwa University provides computer emergency response services to the public and private sector institutions in Sri Lanka. TechCERT has collaborative partnerships with several national and global information security organisations that provide the latest data on computer and network security threats and vulnerabilities.

Meanwhile, the bank’s IT security team took immediate steps to block all transactions to third-party destinations and started monitoring the transaction activity.

“The URLs sent by the attackers are slightly different to the actual URLs but barely detectable to a novice. Hence it is best not to use a link in a mail to log into your bank accounts or any other service. If you receive a mail concerning sensitive information from your bank, etc., it is best to call the bank and cross check before acting on the e-mail,” Marasinghe warns.

He advises that it is best to use your own link to log into your bank account rather than take the easy way of clicking on the link in a mail. According to him, receiving a phishing mail from an attacker is no longer a remote possibility in Sri Lanka.

The incident response team at TechCERT managed to trace the source of the phishing e-mail received by Sumith Perera and the other customer and identify that it was sent via an open mail relay (anyone can send e-mails using this server).
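Tracing where a message entered the mail system, as TechCERT did here, starts from the Received headers that each relay prepends as it forwards the mail. The script below is an added example, not TechCERT’s tooling; the raw message, host names and addresses are constructed (IP addresses from documentation ranges), and the From domain mybank.com is hypothetical. It reads the Received chain oldest-first and flags two things consistent with the open-relay origin described above: no relay in the chain belongs to the claimed sender’s domain, and the first relay accepted the message from a client it could not identify.

```python
import email
import email.utils
import re

# Constructed sample headers. Most recent hop is on top, as in a real message.
SAMPLE_RAW = """Return-Path: <alerts@mybank.com>
Received: from relay.example.net (relay.example.net [203.0.113.10])
\tby mx.recipient.example (Postfix) with ESMTP id 1A2B3C
\tfor <sumith@recipient.example>; Mon, 11 Jul 2011 14:02:11 +0530
Received: from [198.51.100.7] (unknown [198.51.100.7])
\tby relay.example.net (Postfix) with SMTP id 9Z8Y7X;
\tMon, 11 Jul 2011 14:01:58 +0530
From: "MyBank Online" <alerts@mybank.com>
To: sumith@recipient.example
Subject: Update your security details

Please update your security details at the link below.
"""

# "from <client> (<reverse-dns info>) ... by <relay>" as written by Postfix-style MTAs.
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?.*?\bby\s+(\S+)", re.S)


def trace_path(raw):
    """Return hops oldest-first: the client each relay accepted the mail from."""
    msg = email.message_from_string(raw)
    hops = []
    # Headers are prepended, so the last Received header is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = re.sub(r"\s+", " ", value)  # unfold continuation lines
        m = HOP_RE.search(flat)
        if m:
            hops.append({"from": m.group(1), "info": m.group(2) or "", "by": m.group(3)})
    return hops


def sender_domain(raw):
    """Domain the From header claims the mail comes from."""
    msg = email.message_from_string(raw)
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def assess(raw):
    """Flag signs that the message did not originate at the claimed sender's mail system."""
    hops = trace_path(raw)
    domain = sender_domain(raw)
    findings = []
    if not hops:
        return findings
    # 1. A genuine bank alert should pass through the bank's own outbound relay.
    if not any(h["from"].lower().endswith(domain) or h["by"].lower().endswith(domain)
               for h in hops):
        findings.append(f"no relay in the path belongs to claimed sender domain {domain}")
    # 2. The injecting client had no reverse DNS, or was only a bare IP literal:
    #    the relay accepted mail from an unidentified source.
    first = hops[0]
    if first["info"].startswith("unknown") or first["from"].startswith("["):
        findings.append(f"first hop {first['by']} accepted mail from "
                        f"unidentified client {first['from']}")
    return findings


if __name__ == "__main__":
    for hop in trace_path(SAMPLE_RAW):
        print(f"{hop['from']:20} -> {hop['by']}   ({hop['info']})")
    for f in assess(SAMPLE_RAW):
        print("FLAG:", f)
```

Received headers below the first trustworthy hop can be forged by the sender, so the chain is read from the recipient’s own server downward and only the hops that server and its upstream relays wrote are relied on; that is why the first hop’s “unknown” client, recorded by the relay that accepted the message, is the useful piece of evidence here.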

“TechCERT immediately got to work and took down the phishing website.”

Following the detection, the bank’s IT security team blocked several fraudulent money transferring attempts. But despite the early discovery, one transaction had already taken place and that money could not be recovered.

“This is one of the many real phishing incidents that happened in Sri Lankan Cyberspace lately. The aggregate losses amounted to millions of rupees.”

The particular website was found to have been hosted in another country, and the matter was dealt with in co-ordination with the foreign web hosting provider and the domain registry.

Marasinghe said, “Many of the ‘phishers’ that we have come across so far were from foreign destinations. They could well be Sri Lankan expatriates.” Once the source is uncovered the TechCERT team hands over the case to the police or the CID. They have come across similar phishing attacks on local as well as established international banks operating in the country.

The early detection of such phishing sites is vital to protect the finances and valuable data of the many people who make use of online services. Hence, awareness is of paramount importance, say the experts who work with units like TechCERT day and night to ensure that Sri Lankan cyberspace is devoid of criminals and stalkers.

Produced by Lake House Copyright © 2011 The Associated Newspapers of Ceylon Ltd.