Cybercrime has moved on from amateur teenage hackers to a sophisticated business run with all the trimmings
Recently, the email account (Hotmail) of Kumar Ketkar, editor of Marathi daily Loksatta was hacked into, and the hackers sent out fraudulent mails to his friends and acquaintances asking for money. Fortunately, all these people called him and found out that it was a hoax created by cyber-criminals.
I checked with Mr Ketkar and he told me that he received a mail asking him to verify his name, date of birth and password immediately, failing which his Hotmail account would cease to exist within 48 hours. The overall 'get-up' of this mail looked so authentic that Mr Ketkar innocently gave away his data by clicking on the link. He has been using this email account since 1998 and was even paying $10 per month for usage in the initial days of this email service. For someone like Mr Ketkar, the loss of data and contacts matters more than the loss of his email ID. However, he told me that he may get access to his mail account very soon.
But the point is, I am surprised by the language used in the verification mail sent by the hackers—they are becoming really smarter day by day. Otherwise, how can someone well-learned like Mr Ketkar get fooled so easily? Generally, mails from spammers and hackers have followed similar wordings like signing off with ‘Mr XYZ’, which nobody with some knowledge of manners would use. Also, the hackers used to trick you by inviting you to share their 'fortune' or via an online lottery. (Read more about Nigerian scams, here). But now, I can say that these hackers have become more sophisticated.
The hacking of email accounts and then using them to siphon off money from contacts and selling 'earn-from-home kits' have now become the new modus operandi of criminals. There have been some instances in India where Nigerian hackers befriended some locals and used the contact individual’s bank account to siphon off the money sent by victims.
Carl Leonard, senior manager, Websense Security Labs, had said, “A new wave of scams has emerged using a combination of legitimately bought advertising space, false news stories and the lure of job opportunities with well-known companies. This aggressive campaign, which preys on a population weakened by the economic downturn, demonstrates how cybercrime has moved on from the spotty teenage hacker in his bedroom to a sophisticated business run with all the trimmings.”
According to a recent report by online market research company Juxtconsult, the burgeoning online landscape has a population of 49 million Internet users in India, out of which 44 million use emails and close to 25 million browse the Internet every day. On any given day, AVG, the free antivirus services provider, estimates that around 8 million to 14 million unique users worldwide are exposed to social-engineering scams.
So how can you protect yourself from such scams? There are some very basic, simple steps that you need to take to start with. First, never ever give away any information by clicking on a link. If at all you need to update your personal information on any particular website, do it by typing the default address of the site manually and then proceed to the respective link. Second, use strong passwords (Know how to create robust passwords here) and change them frequently. Ideally, any online password should be more than eight characters long, must contain numeric and special keywords like—!, @,#,$,% etc.
Third, whenever you get some link that asks you to verify your personal information, check the credentials of the link. Copy the link and paste it in your search engine. Most often, you will get necessary information in the first search window—otherwise just delete other words, except the name of that linked site and you may find out whether it’s genuine or fake. I would advise you to use Mozilla Firefox with plug-ins like web of trust (WOT), no scripts and cool previews. With the WOT plug-in, whenever you enter any phrase or word in the Google search window, if the link is genuine or trusted, you will see a green circle on the right side of the link. The colour of the circle changes with the authenticity of the link, so you would know what not to click.
There is one more method, if you can find out the IP address of the link, then simply log into www.maxmind.com that offers geo-location and online fraud prevention services. Here you will know the location of the site, its ISP and the organisation which is using that IP address.
Similarly, you can go to www.scamomatic.com and check the contents of your mail for possible scams.
For those who have received mail asking for help, if you know the mailer, just pick up the phone and call that person, and if you don’t know the mailer, then why bother? Just delete the mail.