Phishers have already made their mark in the financial sector by causing more than 130 crore loss to Indian banks in the last 3 years due to various sophisticated attacks, news reports have stated.
While the country is still feeling the heat of the advancement and exponential rise in phishing attacks, the Symantec Intelligence Report on phishing sites in India reveals Information Technology sites to be the most vulnerable amongst the targeted websites by the Phishers last year.
According to Symantec February Intelligence report, the global phishing rate increased by 0.018 percentage points, taking the global average rate to one in 466.3 emails (0.214 percent) since January 2013. In the month of January, the number of phishing URLs associated to Indian brands accounted for 0.15% of the global phishing statistics.
While education was at the top of the most targeted websites in 2011, but fell to second place in 2012. The states in India where phishing sites spoofing education websites was most prevalent were Rajasthan, Andhra Pradesh, Delhi, Maharashtra, and Punjab.
This implies a new wave of phishing attacks among various organizations as the cyber criminals become highly sophisticated and targeted. Phishers continue to pursue Indian sites across many disciplines to host their phishing pages. The most targeted Indian sites are classified in various categories - Information Technology (14.40%), Education (11.90%), Product Sales and Services (9.80%), industrial and manufacturing (7.30%), and Tourism, Travels and Transport (5.80%).
The figures for secure websites such as Government, Telecommunication, and ISP were low and at the bottom of the list. This offers evidence that phishers opt to target more vulnerable websites.
Internet users are advised to follow best practices to avoid phishing attacks:
1. Do not click on suspicious links in email messages
2. Do not provide any personal information when answering an email
3. Do not enter personal information in a pop-up page or screen
4. Ensure the website is encrypted with an SSL certificate by looking for the padlock, 'https', or the green address bar when entering personal or financial information
5. Update your security software (such as Norton Internet Security 2012) frequently, which protects you from online phishing