Rajiv Manivannan

What is Phishing Phishing is the fraudulent attempt to obtain sensitive information including user data, login credentials, credit card details through electronic communication.

How? • Attacker send an email that appears to be from a legitimate company and ask to provide sensitive information. • Contact through phone call by mimicking the know entity. For example, I am your virtual relationship manager calling from you bank your credit card is block. Kindly share your CCV number and received OTP to activate it. • Using a Phishing kit - It’s a web component. Attackers replicated a known brand or organisation’s legitimate website. Those url will be sent to target by email or other medium. Crowd-sourced lists of known phishing kits https://openphish.com www.phishtank.com

Phishing Technique Spear Phishing - attacks directed at specific individuals or companies. Whaling - attacks directed specifically at senior executives and other high-profile targets. Vishing - contact target by telephone mimics known entities to steal sensitive information. …

Punishment Punishment is upto 2 years jail term / fine amount / both Such fraudulent are punishable under Indian Penal Code, 1860 (IPC) It’s often invoked along with the Information Technology Act, 2000.

Why it continues to happen • It’s very hard to trace the identity of Phishing scammer. • There is a legal principle “Bail is rule and jail is an exception”. • Whoever committed this offence they can easily come out in bail and engage in committing the crime again.

How you can prevent

Verify the URL

Pay attention to the SSL and browser warnings As per Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection

Pay attention to the spam filter warning

Sender Policy Framework (SPF)* Sender Policy Framework (SPF) record- is a type of Domain Name Service (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of your domain. * For Organization

DomainKeys Identified Mail (DKIM)* DomainKeys Identified Mail (DKIM)- Organisation take responsibility for a message that is in transit. The organisation is a handler of the message, either as its originator or as an intermediary. * For Organization

Cure • Change all your passwords. • For banking related frauds Immediately approach your bank give a formal complaint with whatever proof you have. • Report the phishing website url here https:// safebrowsing.google.com

If the transaction happens without user’s Intervention In 2017, RBI sent a circular to all the banks if such fraudulent are reported the bank has to take resolution with in 3 days and revert back the money to customer. Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

If the transaction happens by deceiving the user • If the action is taken by the bank and phisher’s account is freeze by the bank you can approach the court with proper documents and get direction to get your money back. • If the phisher withdraw the money and gone untraceable, bank have option to claim from their insurance and credit to the customer account.

Thank You !