Gone are the days of standing in a queue at the bank, with a token in hand waiting to make a transaction. Today, the internet allows us to perform so many banking transactions online?from checking account balances and transferring funds, to reviewing our credit reports and making bill payments. We no longer have to get in the car, drive to the bank, or communicate with a bank teller in person. For most of us, online banking offers tremendous time savings and the option to bank at our convenience. With the rapid advancement of technology, we are now able to use our mobile devices to help take care of our banking needs, regardless of whether we are at home, at work or even on holiday!
However, there?s always a flip side to things. Banking has evolved to be literally at our fingertips, but this convenience comes at a risk; cybercriminals are continuously on the lookout to steal our money, our information and identities. Symantec?s Internet Security Threat Report XVII reported that more than 232.4 million identities were exposed during 2011. The Norton Cybercrime Report 2012 found that globally, 18 adults become a victim of cybercrime every second, resulting in more than one and a half million cybercrime victims each day. The direct cost of cybercrime was an average of $197 per victim across the world and in India, that amount was only slightly lower at $192 or Rs 10,585.
The Norton Cybercrime Report 2012 also revealed that 42 million Indians have been victims of cybercrime in the past 12 months, which is a 75% increase from the number of cybercrime victims the previous year. Some of the more common techniques cybercriminals use to steal our information are phishing and pharming. Phishing is a method by which fake emails?for example, messages that look like they are coming from our banks?are sent to users asking for their account numbers and passwords. Pharming techniques are used by cybercriminals who create legitimate-looking webpages to trick visitors into divulging these details. Both of these methods are examples of social engineering?where the users themselves are tricked, duped or lured into parting with private information.
Just last year, Symantec observed attacks where phishers spoofed the Reserve Bank of India?s website as a ploy for a tax refund scam. The phishing site attempted to lure users by stating that the bank would take full responsibility for depositing the tax refund to the user?s personal bank account. The user was prompted to select the name of the bank from a list of eight banks and enter their customer ID and password. Through this, phishers intended to steal the confidential information of customers of several banks from a single phishing site. The following page asked for credit/debit card number and PIN number. After these details were entered, the phishing site displayed a message acknowledging that the request for the tax refund has been submitted successfully. The user was then redirected to the legitimate Reserve Bank of India site, little knowing that they had just become a cybercrime victim.
While these clever ploys by cybercriminals may lead many of us to hesitate from banking online, there are precautions we can take to ensure that our information and hard-earned money are safe regardless of the channel we use for transactions. If we are aware, vigilant and follow some basic guidelines, we can enjoy the convenience of banking online with confidence.
Be wary of emails asking for confidential information?especially of a financial nature. Legitimate organisations will never request sensitive information via email.
Don?t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
Familiarise yourself with a website?s privacy policy.
Watch out for generic-looking requests for information. Fraudulent emails are often not personalised, while authentic emails from your bank often reference an account you have with them.
Never submit confidential information via forms embedded within email messages.
Never use links in an email to connect to a website. Instead, open a new browser window and type the URL directly into the address bar.
Maintain effective software to combat phishing. Norton Internet Security and Norton 360 multi-device automatically detects and blocks fake websites. It also authenticates major banking and shopping websites.
The writer is country sales manager?India & SAARC at Norton
