Subros

Legal

Connect DECEMBER 2015

Subros and Associates Solicitors and Advocates

CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law

CYBER

Subros

Crime Pays ?

CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law

CYBER

Subros

DON’T LOGIN LINKS

IN EMAILS !

Or go toOr go toOr go toOr go to

www.iamstupid.comwww.iamstupid.comwww.iamstupid.comwww.iamstupid.com

CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law

CYBER

Subros

In association withIn association withIn association withIn association with CyberCyberCyberCyber@LegisLegisLegisLegis

Fighting Cyber FraudFighting Cyber FraudFighting Cyber FraudFighting Cyber Fraud

CYBER

Subros

Your Date of Birth, Adhaar Number, Bank Account

number, Credit card number, you wouldn’t give it to

me if I asked…..but you would happily if the same

pops up in your email….

Welcome to the big bad world of PHISHING.

Its where my cyber crook friends, dine, wine and

make merry…. All at your expense.

“Phishing is the attempt to acquire sensitive

information such as usernames, passwords,

and credit card details (and sometimes,

indirectly, money), often for malicious

Subros

reasons, by masquerading as a trustworthy

entity in an electronic communication.”

EmailEmailEmailEmail has for long been the favourite “phishing”

ground , for the process has been painstakingly

simple and outrightly effective.

All they do is to call upon our basic human instincts.

Be it a free stuff (an iPhone may be), or a warning

(your bank just shot an email about a transaction you

havn’t done), or a scare (like an invoice for an iTunes

purchase you know you didn’t make).

Subros

There is always that urgency involved calling upon

you to take action right away…

You open an email or text, and see a

message like this:

"We suspect an unauthorized transaction on

your account. To ensure that your account is

not compromised, please click the link below

and confirm your identity."

"During our regular verification of accounts,

we couldn't verify your information. Please

Subros

click here to update and verify your

information."

“Our records indicate that your account was

overcharged. You must call us within 7 days

to receive your refund.”

“ Your account shall be closed or the bank

shall take other action if you don’t respond.

The senders are phishing for your information

so they can use it to commit fraud.

And presto there’s an inviting clickable link for the

purpose, to take you to a signup page (to register for

the iPhone), or a login screen (for internet banking),

or an account summary page (to contest the

fraudulent purchase).

Subros

And the dumb man that I am, totally inarticulate in the

way the world wide web works (www.iamstupid.com)

I fill in my personal details, my password, my bank

account number, my credit card number, my PAN ,

my Adhaar and so on, and click

[Submit]

…… all because that iPhone 6s is got to be mine….

It’s the oldest trick of the trade, not ingenious but

effective….

Subros

Crime pays…. Who said it doesn’t…..poof ….my

account is hacked, my bank account got wacked, my

credit card got swiped and a whole lot of my friends

received emails that I needed money as I was

travelling and had lost my belongings and the good

Samaritans that they are ( don’t I always choose my

friends wisely, as I come to know later), had bank

transferred royal sums to a bank account which I

didn’t own….

The crooks had done their homework. The web form

that appeared looked “the original”- a replica of my

Subros

bank account complete with layout and logos and

straight from my bank, or from iTunes, or wherever.

Only then did I find out that I had just submitted all

that I owned ( my id, my password, my account

details etc.) to a bunch of crooks instead of to the real

site. Its my money which I won’t ever get back.

Check it out Check it out Check it out Check it out ---- is my advice: The web has no friendsis my advice: The web has no friendsis my advice: The web has no friendsis my advice: The web has no friends.

Subros

Have you checked on

- the website name in the address bar. It will be

wrong, eg it wont have the name of your

bank.

- or the web page will be unencrypted (no

padlock – I call it the closed lock without a

key)

- It wont start with https: (meaning an

unsecured site)

- Is it asking for personal information that you

won’t even give me…. Your best friend

Subros

Don't email personal or financial information. Email is

not a secure method of transmitting personal

information. Only provide personal or financial

information through an organization's website if you

typed in the web address yourself and you see

signals that the site is secure, like a URL that

begins https (the "s" stands for secure).

Unfortunately, no indicator is foolproof; some

phishers have forged even security icons.

And remember the Reserve Bank or Your Bank never

asks for your personal information online.

Subros

But here’s an even easier way to protect yourself:

DON’T CLICK LOGIN LINKS IN

EMAILS IN THE FIRST PLACE!

Well if you have already done that….. Visit me at

WWW.IAMSTUPID.COM..... This site is still up for

sale.

Subros

About the author

SANDEEP SURI

is a practicing Lawyer, Electronics Engineer

Chevening Scholar and Editor - Punjab Law Reporter

CYBER

Subros

CyberCyberCyberCyber@LegisLegisLegisLegis Cyber Law Firm

cyberlegis@gmail.com

158 Sector 33A / Chandigarh / India / 160020

(0172)- 2621158, +91 9463598502

Subros and Associates Solicitors and Advocates

subros.associates@gmail.com

232 Sector 19A / Chandigarh / India / 160019

(0172)- 2775288, +91 9216884502

INSURANCE BANKING CYBER CONSUMER COMPANY