Reported By:
| Edited By: Mayank Tewari |Source: |Updated: Nov 19, 2013, 11:17 PM IST
Mayank Tiwari of DNA finds out how fraudsters use netbanking to rob your bank account
Online banking may be a convenient option to cumbersome queues, but not quite a safe one. Customers using internet banking facilities of leading Indian private banks and financial institutions in Mumbai and Delhi are being robbed every month by well-trained gangs of cyber criminals who steal net banking passwords, and money, from their accounts.
In the absence of any government regulation and legal remedy for such cases, harried customers and banks are engaged in a tussle that in some cases ends with the banks releasing the stolen money to the victims. Usually, victims do not even realise they have been cheated for months at a stretch.
Bankers who spoke to DNA on the condition of anonymity said the criminals usually steal small amounts, which often go unnoticed. “There have been instances where Rs100 has been stolen from 100 accounts every month for six months or more,” said a banker.
“On an average, three to five internet banking users fall prey to phishing or other innovative forms of identity theft every day,” said Pawan Duggal, a leading cyber crime lawyer.
However, since online thefts directly affect a bank’s online image, most cases go unreported and banks directly negotiate with the victims. “As of now there has not been any instance where a customer has taken a bank to court over losses due to identity theft,” Duggal added.
An ICICI Bank spokesperson admitted the bank encounters two to three phishing attacks every month, but added “Phishing attacks are not as common in India as in the West.”
He said the bank usually pays the stolen money to customers after investigating the matter. “We investigate if the customer gave his password away out of carelessness or if the customer was cheated into giving his password. If it is proved that the customer has indeed been cheated by a phishing attack, the bank returns the money,” Charu Deshpande, the ICICI spokesperson said.
Phishing—the method deployed by cyber criminals to steal private and confidential information of an internet user—has become the biggest challenge before the Indian financial system in the last three years. According to a government estimate, phishing incidents grew from three in 2004 to 393 cases in 2007.
A separate study by internet security firm Symantec reported that the number of phishing attacks on banks in India shot up three times to 120 attacks in January 2008, from only 20 attacks four months ago in October 2007. The study ranked Mumbai first in the country in terms of phishing sites, followed by New Delhi.
Cyber security experts who work closely with banks to crack down on online thefts told DNA that most users lose their passwords between the first and seventh of every month -when salaries are transferred electronically -and they are most likely to bank online.
“Most people whose passwords are stolen seldom know about it. They only report to the bank when a large sum of money suddenly disappears. Seldom does that happen. Phishing attacks work well only when a small amount of money is extracted from a large number of people. This way the fraud can carry on for a long time undetected,” said Raghu Raman, CEO, Mahindra Special Services Group, a consulting firm that helps banks and financial institutions secure their online business.
“In India, cyber attacks are designed to gather information with financial value to the attacker. Criminals are getting more professional with focused commercial intent in development, distribution and use of malicious code and services. Their focus is on Tier-II cities,” said Vishal Dhupar, managing director, Symantec India.
t_mayank@dnaindia.net
