Phishers Piggyback on Indian Websites

Contributors: Avdhoot Patil, Ayub Khan, and Dinesh Singh

Have Indian websites become a safe haven for phishers? To better understand, let’s explore how phishers create a phishing site. There are several strategies phishers frequently use: hosting their phishing site on a newly registered domain name, compromising a legitimate website and placing their phishing pages in them, or hosting their phishing site using a web hosting service.

Let’s now focus on the second method which involves the use of compromised legitimate websites. From April, 2011, to October, 2011, about 0.4% of all phishing sites were hosted on compromised Indian websites. These compromised websites belonged to a wide range of categories but the most targeted was the education category which included websites of Indian schools, colleges, and other educational institutions. Symantec has previously reported on the websites of Indian educational institutions compromised by phishers. The education category consisted of 13% of compromised Indian websites. Some of the other top categories were information technology (11%), sales (9%), Web services (8%), and e-commerce (6%).

The existence of Indian phishing sites in the education category may not be alarming but phishers have exploited Indian websites owned by individuals and organizations across many disciplines:

The phishing sites hosted on these Indian websites spoofed a multitude of brands. The majority of these brands belonged to the banking sector (comprising about 68%). The e-commerce sector comprised about 22%, and information services 3%.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.