PUNE: Net banking and email frauds top the list of crimes registered by the Pune cyber cell this year.
The total number of cyber complaints till August this year has already crossed the 199 mark. Last year, 350 complaints were registered while the number of cases was above 200 in 2012 and 2013 each. Till last year, lottery and Facebook related crimes overshadowed all other crimes.
A bank fraud entails compromising net banking credentials while a credit/debit card fraud involves leaking a victim’s card data. Cyber crime expert Anshul Abhang said, “Banks have developed a system which takes 24 hours to transfer money to a new beneficiary added during any netbanking transaction. Meanwhile, an SMS is sent to the account holder conforming the addition of new beneficiary. If it is a transaction he is unaware of, he can immediately alert the bank.”
Abhang said that most net banking frauds happen because users respond to phishing emails sent from fake email addresses. “The sender of email asks the account holder to update his credentials by clicking on a link, which then takes him to a fake website,” he said.
The cyber cell data shows that the number of lottery frauds this year has dropped from 65 last year to 9 now. Abhang said an increased awareness over the past few years has brought the change. “Bank frauds, on the other hand, fall in the niche category. A user is more likely to believe in an email sent in the name of his bank than falling prey to a lottery email,” said Abhang.
A cyber crime cell official said the department has been getting complaints of job, credit and debit card frauds and defamation on social networking sites. “Unemployed youths are soft targets who fall for lucrative job offers. In case of card holders, fraudsters call posing as bank manager and tell the person that his ATM card has expired and seek his confidential details. Many end up revealing the information,” the official said.
The Trojan threat
Symantec, a leading software security firm in the world, released a new research on Dyre Trojan this year which says that the trojan is now configured to defraud customers of more than 1,000 banks and other companies worldwide. Dyre is a sophisticated piece of malware, capable of hijacking all three major web browsers — Internet Explorer, Chrome and Firefox — to intercept banking credentials. Financial institutions in the US and the UK are most targeted, but India is not far behind with a 6th global rank and second in Asia.
“Dyre is mainly spread using spam emails. In most cases, the emails masquerade as businessDOCUMENTS, voicemail or fax messages. If the victim clicks on an email attachment, they are redirected to a malicious website which will install the Upatre downloader on the computer. Upatre is one of the most popular downloader tools used by financial fraud groups. Upatre acts as a bridgehead on the victim’s computer, collecting information about it, attempting to disable security software, and finally downloading and installing the Dyre Trojan,” said Tarun Kaura, director of Technology Sales, India, Symantec.
Kaura said that Dyre is capable of using several different types of man-in-the-browser (MITB) attacks against the victim’s web browser to steal credentials.