Beware of phishing expedition in Hindi
Beware of phishing expedition in Hindi
Spam emails in Devanagari script are being circulated
Real estate executive Badal Srivastava (26) was overjoyed after receiving a mail written in Hindi, which claimed that he had won a handsome amount in a lottery scheme. But when he looked at it again with some friends, several spelling errors in the mail raised doubts. Finally, they consulted a cyber expert who told them it is part of what's popularly known as 'Nigerian spam'.
"What raised my doubts was the message that provided non-standard contact details for further communication and reference to some famous brands as sponsors. A web search didn't throw up any information on any lottery or contests. Even the language in which the mail was drafted had lot of spelling errors," said Badal.
Expanding market According to experts, cyber crooks are viewing India a big market and so to target users they have localised their content and have started using Hindi in drafting the mails. Security firm Symantec claims that with the increasing number of Internet users in emerging economies, there will be a decrease in the number of attacks in English and a rise in spam in regional languages. Over the past few years, India has increasingly become the target for cyber criminals - from phishing and spam attacks around Diwali, to the more recent Cricket World Cup - India-specific events are being used to fool users in the country into parting with their money and information.
"While German, Spanish and other European languages are routinely used in scams, the discovery of the first Hindi spam reinforces the fact that India - where 35% of spam in the region originated, and the 6th ranked country for malicious code in 2010 - is rising on the cyber criminal's radar," said Gaurav Kanwal, Country Sales Manager, Symantec.
Source anywhere But it is really hard to detect the location of these cyber criminals as they are everywhere. "Just as the Internet knows no boundaries, neither does cybercrime. While we cannot identify the crooks behind this scam by their nationality, today there are attack toolkits available which automate the process of sending phishing emails. These toolkits make it easy for even novice criminals with little specialised knowledge to craft and disseminate sophisticated attacks with a high success rate. In fact, Symantec's report on Attack Toolkits and Malicious Websites revealed that over 60% of malware today is spread through attack toolkits," said Gaurav. These cyber criminals are targeting resident users of tier I and II cities. "It is evident that India has become a big target for cyber criminals, with a growing number of phishing campaigns leveraging India-specific events and now, the first phishing emails observed in Hindi. As the Internet reaches a larger section of the population residing in tier II cities, users need to be careful and "think before they click", said cyber crime expert Vivek Vohra.
Going vernacular "The other aspect that might have contributed to the spamsters turning to Hindi as the preferred language is that most Gram Panchayats are using the Internet for information on farming and village administration. The users at this level are easy targets," said another security firm, Kaspersky. According to reports, other Hindi-speaking countries such as Pakistan, Bangladesh, Nepal, and the vast population of Indians working across the globe are also being targeted with spam mails in Hindi.
Your secret's not safe Cyber criminals are now targeting the trade secrets of well-known global organisations including those in India as they see greater value in selling a corporation's proprietary information to competitors and foreign governments, according to a report. "Cyber criminals are now focusing on trade secrets of global companies. Sophisticated attacks like Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world," says Simon Hunt, VP and chief technology officer, endpoint security at McAfee. The report 'Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency', has been prepared by security technology company McAfee and Science Applications International Corporation, a scientific, engineering, and technology applications company in USA. More than 1,000 senior IT decision makers in India, US, UK, Japan, China, Brazil and the Middle East were surveyed for it. Out of the 100 representatives from different organisations surveyed from India, 29% said they had suffered a security breach and this number has increased from 19% in 2008.