What is Phishing
Phishing is the fraudulent attempt to obtain sensitive information, including user data, login credentials and credit card details, through electronic communication.
Slide 3
How?
• An attacker sends an email that appears to be from a legitimate company and asks the recipient to provide sensitive information.
• Contact through a phone call while mimicking a known entity. For example: "I am your virtual relationship manager calling from your bank; your credit card is blocked. Kindly share your CVV number and the OTP you received to activate it."
• Using a phishing kit: a web component with which attackers replicate a known brand's or organisation's legitimate website. The resulting URLs are sent to targets by email or another medium.
Crowd-sourced lists of known phishing kits
https://openphish.com
www.phishtank.com
Slide 4
Phishing Techniques
Spear phishing - attacks directed at specific individuals or companies.
Whaling - attacks directed specifically at senior executives and other high-profile targets.
Vishing - contacting the target by telephone while mimicking known entities to steal sensitive information.
…
Slide 5
Punishment
Punishment is up to 2 years' jail term, a fine, or both.
Such frauds are punishable under the Indian Penal Code, 1860 (IPC).
It is often invoked along with the Information Technology Act, 2000.
Slide 6
Why it continues to happen
• It is very hard to trace the identity of a phishing scammer.
• There is a legal principle: "Bail is the rule and jail is the exception".
• Whoever committed the offence can easily come out on bail and engage in committing the crime again.
Slide 7
How you can prevent it
Slide 8
Verify the URL
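Verifying a link means looking at the host the browser will actually connect to, not the text of the link. The following is an added example, not part of the original slides, showing a few checks a defender can automate for a link that claims to belong to a given domain: a non-HTTPS scheme, a username before "@" (the part after it is the real host), a bare IP address as host, punycode labels (possible lookalike characters), and a host that is not actually under the expected domain. The domain names and URLs used are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def under_domain(hostname, expected_domain):
    """True if hostname is expected_domain itself or a subdomain of it."""
    hostname = hostname.lower().rstrip(".")
    expected_domain = expected_domain.lower()
    return hostname == expected_domain or hostname.endswith("." + expected_domain)


def inspect_url(url, expected_domain):
    """Return a list of warning strings for a link that claims to lead to expected_domain.

    An empty list means none of these checks fired; it is not proof that the
    link is safe, only that the obvious red flags are absent.
    """
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""

    # 1. Scheme: a login or banking page should be served over HTTPS.
    if parts.scheme != "https":
        warnings.append(f"scheme is {parts.scheme!r}, not https")

    # 2. Userinfo: in "https://bank.example@203.0.113.7/", the browser
    #    connects to 203.0.113.7, and "bank.example" is merely a username.
    if parts.username is not None:
        warnings.append(f"URL has a username before '@'; the real host is {host!r}")

    # 3. Bare IP address instead of a domain name.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address, not a domain name")
    except ValueError:
        pass

    # 4. Punycode labels (xn--) can render as lookalike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains punycode (possible lookalike characters)")

    # 5. The host must be the expected domain or one of its subdomains.
    #    "bank.example.evil.test" is NOT under "bank.example".
    if not under_domain(host, expected_domain):
        warnings.append(f"host {host!r} is not under {expected_domain!r}")

    return warnings


if __name__ == "__main__":
    # Constructed sample links for a hypothetical bank at bank.example.
    for link in (
        "https://online.bank.example/login",
        "https://bank.example@203.0.113.7/login",
        "https://bank.example.evil.test/login",
        "http://bank.example/login",
    ):
        print(link, "->", inspect_url(link, "bank.example") or "no warnings")
```

The checks are deliberately conservative: a link that passes them can still be malicious (for example a compromised legitimate site), so the list is best used to decide what to look at more closely rather than as a verdict.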
Slide 9
Pay attention to SSL and browser warnings
As per the Anti-Phishing Working Group 2020 report, 75 percent of all phishing sites now use SSL protection.
Slide 10
Pay attention to spam filter warnings
Slide 11
Sender Policy Framework (SPF)*
A Sender Policy Framework (SPF) record is a type of Domain Name System (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of your domain.
* For organisations
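To make the SPF mechanism concrete, here is an added example (not from the original slides) of how a receiving mail server evaluates a sender's connecting IP against the domain's SPF record. The records for example.com and _spf.mailhost.example are constructed and embedded in a dictionary in place of real DNS TXT lookups, so the code runs offline; it handles only the ip4, ip6, include and all mechanisms, a subset of RFC 7208 chosen for illustration.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (no network access).
# example.com allows one IPv4 block, one IPv6 block, and whatever its mail
# provider's record allows; everything else hard-fails (-all).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the SPF TXT record for a domain, or None if it publishes none."""
    return SPF_RECORDS.get(domain)


def check_spf(sender_ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for the connecting `sender_ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    """
    if depth > 10:  # RFC 7208 limits the number of DNS-querying mechanisms
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)

    for term in terms[1:]:
        # Each mechanism may carry a qualifier; "+" (pass) is the default.
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]

        matched = False
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term[4:], strict=False)
            matched = ip.version == network.version and ip in network
        elif term.startswith("include:"):
            # include: matches only if the referenced record yields "pass".
            matched = check_spf(sender_ip, term[len("include:"):], depth + 1) == "pass"
        # a, mx, exists and macros are not handled in this example.

        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no "all" term was present


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "2001:db8:1::1", "203.0.113.7"):
        print(f"{ip:>16} claiming example.com -> {check_spf(ip, 'example.com')}")
```

A receiver that gets "fail" for a message claiming to be from example.com has evidence that the sending server is not one the domain owner authorised, which is the signal the spam filter warning on the previous slide is built on.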
Slide 12
DomainKeys Identified Mail (DKIM)*
With DomainKeys Identified Mail (DKIM), an organisation takes responsibility for a message that is in transit. The organisation is a handler of the message, either as its originator or as an intermediary.
* For organisations
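DKIM's "taking responsibility" is implemented by a DKIM-Signature header that the signing organisation adds: it carries a hash of the message body (the bh= tag) and a signature over selected headers. The following added example, not part of the original slides, shows the body-hash half of that check: "simple" body canonicalization, computing bh= with SHA-256, and verifying that the bh= in a received header still matches the body. The message body and header values are constructed; the RSA signature over the headers (the b= tag), which would need the signer's private key and the public key published in DNS, is left out.

```python
import base64
import hashlib


def canonicalize_body_simple(body):
    """'simple' body canonicalization (RFC 6376 section 3.4.3): normalise line
    endings to CRLF and reduce any trailing empty lines to a single CRLF."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def body_hash(body):
    """Compute the DKIM bh= value: base64(SHA-256(canonicalized body))."""
    canon = canonicalize_body_simple(body).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def make_dkim_signature_value(body, domain, selector):
    """Build the DKIM-Signature header value a signer would attach.

    The b= tag (signature over the headers) is left empty here; computing it
    requires the signer's private key and is outside this example's scope.
    """
    return (
        "v=1; a=rsa-sha256; c=simple/simple; "
        f"d={domain}; s={selector}; h=from:to:subject:date; "
        f"bh={body_hash(body)}; b="
    )


def parse_dkim_tags(header_value):
    """Parse 'tag=value; tag=value' pairs from a DKIM-Signature header value,
    discarding folding whitespace inside values."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags


def body_hash_matches(dkim_signature_value, body):
    """True if the bh= tag in the received DKIM-Signature matches the received body,
    i.e. the body was not altered between signer and verifier."""
    tags = parse_dkim_tags(dkim_signature_value)
    return tags.get("bh") == body_hash(body)


if __name__ == "__main__":
    # Constructed sample message body, as a hypothetical signer at example.com sees it.
    body = "Hello,\r\n\r\nYour statement is ready.\r\n\r\n\r\n"
    header = make_dkim_signature_value(body, "example.com", "sel2020")
    print("DKIM-Signature:", header)
    print("original body verifies:", body_hash_matches(header, body))
    tampered = body.replace("ready", "overdue; pay at http://bank.example.evil.test")
    print("tampered body verifies:", body_hash_matches(header, tampered))
```

Because the canonicalization only normalises line endings and trailing blank lines, a mail relay that rewraps or rewrites the body breaks the hash, which is why DKIM failures on otherwise legitimate mail are usually caused by intermediaries rather than by forgery, and why receivers combine DKIM with SPF and sender policy before acting on a failure.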
Slide 13
Cure
• Change all your passwords.
• For banking-related frauds, immediately approach your bank and file a formal complaint with whatever proof you have.
• Report the phishing website URL here: https://safebrowsing.google.com
Slide 14
If the transaction happens without the user's intervention
In 2017, RBI sent a circular to all banks: if such frauds are reported, the bank has to resolve the case within 3 days and return the money to the customer.
Limiting Liability of Customers in Unauthorised Electronic Banking Transactions
Slide 15
If the transaction happens by deceiving the user
• If action is taken by the bank and the phisher's account is frozen by the bank, you can approach the court with proper documents and get a direction to recover your money.
• If the phisher has withdrawn the money and gone untraceable, the bank has the option to claim from its insurance and credit the customer's account.