Cybercriminals Target Asian Internet Users

By Author: eccuni
Total Articles: 211
Comment this article

Cybercriminals constantly evolve new techniques to defraud Internet users. In the recent times, scammers were swift in leveraging Tsunami in Japan, the Royal Wedding and death of Osama Bin Laden. Scammers seem to have their turned their focus on Asian countries. Asian countries such as Indian and China have witnessed tremendous growth in Internet usage. Recently, Symantec identified a spam e-mail in Hindi targeting Indian users. Usually, cybercriminals use English and European languages to defraud Internet users. In case of the latest spam, attackers used Devnagari script to propagate spam e-mails in Hindi. The cleverly crafted e-mail attempts to entice the recipients by informing them that they have won a cash reward and a car. Spammers urge the recipients to contact undersigned representative with sensitive personal details such as full name, mailing address, gender, age, marital status, and contact numbers. When unwary recipients divulge details, attackers may use social engineering techniques to extract further personal and financial information. Spam e-mail in Hindi is an attempt by cybercriminals to reach wider audience ...
... and trick more number of users into fraudulent schemes. Usually, scam e-mails attempt to defraud users through fake job offers, lottery and royalty announcements, fraudulent fund transfer schemes and dubious business proposals.

Tax refund phishing scams have been common in United Sates (U.S) and United Kingdom (U.K). Phishers are now attempting to defraud Indian tax payers through tax refund scams. Recently, Symantec identified a tax refund scam, wherein attackers redirect Internet users to a spoofed website of Reserve Bank of India (RBI), the central bank of the country. This may be another indication that cybercriminals are actively targeting Asian Internet users. Attackers inform tax payers that they are eligible to tax refunds. The spoofed website seeks financial information to transfer tax refunds directly to the personal banking account of the tax payers. The spoofed website is strikingly similar to the legitimate site and urges users to select their bank from a list of 8 Indian banks, enter Customer ID, and password. The site then redirects users to another page that seeks debit or credit card number, and Personal Identification Number (PIN). The spoofed site acknowledges the request for tax refund and redirects users to a genuine page of RBI. Attackers may use the extracted information to gain unauthorized access to user banking accounts, withdraw funds, and conduct unauthorized money transfers. RBI has alerted the public against tax refund scams. Usually, the Income Tax department in India seeks account number in the tax return form, and any refund due is directly refunded to tax payers account. Hiring professionals qualified in masters of security science and IT security certifications may help organizations and regulatory authorities to identify security threats and issue necessary alerts.

Internet users must be cautious while providing personal and financial information on websites. They must confirm the authenticity of website and cross-check with the concerned institution in case of suspicion. They must report fraudulent websites to the concerned institutions and legal authorities. They must install latest browsers, which prevent them from accessing reported forged sites. Adherence to security updates and alerts on security blogs may help Internet users to stay abreast of latest spam campaigns and threats. As social media sites are increasingly gaining popularity in Asian countries, organizations must advise employees on precautions to avoid data theft through social engineering schemes. Mandatory online degree and e-learning programs on cyber security may help employees in understanding and implementing secured online practices.

Growing instances of cybercrime has led to increased demand for Information and IT security professionals. Educational institutions could be encouraged to devise and regularly update online university degree courses to enable professionals to deal with latest security threats.