Indian Computer Emergency Response Team organised a
Workshop on Crimeware and Financial Frauds on
5th November, 2008 at CERT-In Training Room, CERT-In
Department of Information Technology
Electronics Niketan, 6, CGO Complex, New Delhi
Following was the Agenda:
- Crimeware Trends
- Internet Banking – Frauds & Defenses
- E-Commerce, Frauds and Challenges
- Crimeware Threats and Countermeasures
Maninder of Team Cybersmart.in was present and noted the following points:
- Countermeasures for preventing Crimeware and Malware : Social Measures – User Education and Awareness, Training, Visual and Print Media Administrative Measures – Coordination between Banks and Financial Institutions, Organisations, CERTs, information security vendors, ISPs and Law enforcement agencies Technical Measures at the organisation and user level
- Securing Websites / Portals, authentication of users, domain acquisition, fraud detection services
- Coordination with CERTs, ISPs – Take down phishing sites, information exchange on Malware, information exchange on attacks
- Enterprises – Information security Policies, HTTP scanning tools, Data leak prevention system.
- Internet Banking In India and Internet Banking Frauds and Defences – Spam, Scam, Malware, identity Theft, phishing, pharming, man in the browser, replay, vishing, zombies
- Identity Theft – Sniffers, Dumpster diving, shoulder surfing, social engineering, key loggers
- Phishing – URL obfuscation attacks, cyber squatting, cross site scripting, trojans
- Pharming – variant of phishing – redirect user to bogus website. Executed by changing the hosts file on user’s computer and DNS Poisoning
- Multifactor Authentication – Review guidelines by RBI and Monetary Authority of Singapore
- ecommerce frauds and challenges – India has 5th largest internet user base in the world. User profile Age < 30 (75%). 80% are males and 65% of users are graduates and post graduates
- In 2007 the volume of ecommerce in India was Rs. 2300 cr.
- Issues include: sales of illegal items, porn, drugs, guns, stealing or unauthorised access of sensitive information through hacking, piracy/IPR violations, transaction related issues, misuse of credit cards and online bank accounts, data theft
