You are on page 1of 12

The current issue and full text archive of this journal is available at www.emeraldinsight.com/1359-0790.

htm

Online identity theft an Indian perspective


D. Vijaya Geeta
Department of Operations, GITAM Institute of Management, GITAM University, Visakhapatnam, India
Abstract
Purpose Today almost all businesses are connected online and net banking has becoming a buzzword. The concept of identity theft which was more known in the Western world is making its presence felt in developing economies like India. In this context, the purpose of this paper is to review the current scenario of phishing attacks in India and provide some countermeasures that can be adopted by online rms to ght this kind of attack. Design/methodology/approach A few statistics related to the phishing attacks worldwide are compared with Indias to gauge the severity of the problem. Security measures adopted by a few banks worldwide are reviewed and are compared with their counterparts in India. In the end, some guidelines are furnished on how to tackle the situation. Findings There has been an increase in identity theft in the last few years which could pose a serious problem in the future, resulting in loss of trust by the customer towards net banking. Most of the Indian banks are taking initiatives to address the problem but still more work is to be done in the case of small and rural banks. Originality/value Since identity theft is not only a concern of one individual but the responsibility of the concerned nancial rm, measures needs to be taken to protect the identity and data of their online customers. This paper is an attempt to assess the present situation. Efforts have been made to come out with the security measures that can be adopted by different rms in enhancing security and protect the identity of their online customers. Keywords Phishing, Security measures, Banking, India, Internet, Trust, E-business Paper type General review

Online identity theft

235

1. Introduction Internet has inuenced in the way we carry out our tasks in daily life. It emerged from a mere information resource to an important tool to carry out nancial transactions. Eriksson et al. (2008) observed that the subsequent evolution of internet banking has fundamentally changed the ways in which banks implement their business and consumers conduct their everyday banking activities. Any business which has online presence collects and holds personally identiable information about their employees, customers, or business partners. If sufcient measures are not taken in protecting this information, there is a risk of identity theft. There are many ways by which cyber thieves steals identity and phishing is one of the most popular and successful techniques employed by cyber thieves to steal identity by using deceptive e-mails. Phishing represents an online method of identity theft employed by phishers to steal attributes (like passwords or account numbers) used by online consumers. In a typical phishing attack, a phisher faking as an agent from the customers bank or nancial institution, sends e-mails to customers and ask them to click on a hyperlink to further process their account details. Clicking on this link will lead the customer to a web site

Journal of Financial Crime Vol. 18 No. 3, 2011 pp. 235-246 q Emerald Group Publishing Limited 1359-0790 DOI 10.1108/13590791111147451

JFC 18,3

236

which will be a exact replica web site of the bank. Sensitive details like user IDs, passwords, account number, credit card details and any other personal information are asked for which could then be used to steal the identity of the victim and perform money transfer from the victims account. The techniques used for phishing have changed little but their distribution and sophistication in deployment have changed greatly. In addition to web site phishing using botnets making them increasingly untraceable, other sophisticated techniques such as vishing (phishing over VoIP), skimming (fraudulent act of reading and storing the information encoded on the magnetic stripe of a debit card or credit card), spoong (duplicating an original bank site) and smishing (SMS phishing) are being employed by hackers to cheat the users off their money. The industry experts are also witnessing a new trend called spear phishing, which is a technique whereby e-mails that appear genuine are sent to employees or members within a certain company, government agency, organization, or group to gain access to a companys entire computer system (Kekre, 2008). Federal Trade Commission (www.ftc.gov) provides the following methods through which identity can be stolen: . Dumpster diving. They rummage through trash looking for bills or other paper with your personal information on it. . Skimming. They steal credit/debit card numbers by using a special storage device when processing your card. . Phishing. They pretend to be nancial institutions or companies and send spam or pop-up messages to get you to reveal your personal information. If you are ever suspicious of a phone call, letter, or e-mail, contact (or visit) the nancial institution directly using a recognized phone number and inquire about the request for your personal information. . Changing your address. They divert your billing statements to another location by completing a change of address form. . Old-fashioned stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records or bribe employees who have access. . Pretexting. They use false pretenses to obtain your personal information from nancial institutions, telephone companies, and other sources. Stealing an identity could enable a phisher to contact the organisation concerned, claim to be the victim of the phishing attack, and to transact business with the organisation illegally in the name of the client concerned (Butler, 2007). Identity theft and nancial fraud are signicant consequences of successful phishing (Abad, 2005). Once the bank fraud occurs, this may lead to creating counterfeit checks using the name or account number of the victim, open a bank account in the name of the victim and write bad checks, can clone ATM or debit card to make electronic withdrawals thus draining the victims account. Even loan can be taken from in the name of the victim (www.ftc.gov). 2. Present status of phishing Gartner (2009), a reputable research organisation, reported that during 2008, around 80 percent of the adult internet users had got an e-mail as part of one phishing

campaign or another, a rise from 40 percent from the previous year. The average consumer loss in 2008 per phishing incident was $351 (Symantec, 2009). This can be attributed to recession which has inspired scams targeting people who are worried about work and their nances. Frauds were also observed during recession times in early 1990s and similar trend is being observed in 2007-2008. Since most of the banks were going for renovations such as mergers, it was not surprising for a customer to hear from their banks. Phishers took it as an advantage, and contacted the customers, asking them to supply information related to credit card and accounts in pretext of updating their les by citing the reasons like merger. According to Symantec (2009), three quarters of the phishing e-mails were bank related for things like low interest loans and mortgage renancing. These e-mails have become more common as the economy worsens. With recession coming down, the phishing attack subsided in 2009. Phishing attacks have also seen rise in countries like India as it can be seen in 2009, India had accounted for 15 percent of all malicious activity in the Asia-Pacic/Japan (APJ) region, an increase from 10 percent in 2008. For specic categories of measurement in the APJ region, India increased rank in malicious code, spam zombies and phishing hosts from 2008. This made India being the third highest country of spam origin globally. Malicious activity tends to increase in countries experiencing rapid growth in broadband infrastructure and connectivity, and the level of malicious activity occurring in India has been increasing steadily over several reporting periods as its broadband infrastructure and user base grows (Symantec, 2010). As per the Indian Computer Emergency Response Team (CERT-In), phishing is the number one problem faced by the Indian internet community with it alone consuming the major share of incident reported when compared with other form of threats. Table I shows the year-wise phishing incident trend as observed by CERT-In. It can be observed that there has been a signicant rise in phishing incidents from 2007 to 2008 but it did considerably dropped in 2009. Even though there is a drop it can be seen that in the current year (till August 2010), a total of about 293 incidents are already reported on phishing incident (CERT-In, 2010b). 3. Consequences of identity theft The motivation for phishing attacks has shifted from its original concern with status based on technical prowess, to one of nancial gain (Symantec, 2006). Attackers aim to gather value-laden information, either in order to commit either identity theft or other forms of fraud (Symantec, 2006).

Online identity theft

237

Year 2004 2005 2006 2007 2008 2009 Source: CERT-In (2010a)

No. of phishing incidents reported 3 101 339 392 604 374

Table I. Year-wise phishing incident trend

JFC 18,3

238

Phishers sell this information in the underground economy. Underground economy servers are black market forums for the promotion and trade of stolen information and services. This information can include government-issued identication numbers, credit cards, credit verication values, debit cards, personal identication numbers, user accounts, e-mail address lists, and bank accounts. Services include cashiers, scam page hosting, and job advertisements such as for scam developers or phishing partners. Financial information alone accounts for majority of all goods on sale as reected in Table II (Symantec, 2010). Butler (2007) observes the follows consequences for phishing victims: . Possible refusal of loans due to bad credit reports. . Having to spend time and money in cleaning up the mess that the identity thieves leave behind. . On a psychological level, victims experience negative emotions, ranging from feelings of violation, stress, and humiliation, to those of anger and frustration. 4. Concerns for e-business Trust is central to any economic transaction, whether conducted in a retail outlet in the real ofine world or over the internet, by means of a web site. However, trust is even more important in an online situation (Grabner and Faullent, 2008). As phishing undermines the basic element of trust essential for successful ongoing e-commerce, such attacks can cause consumers to lose condence in the e-commerce industry (Pandit, 2006). These concerns have been investigated in a variety of studies. According to Cyota, a fraud prevention service provider, more than 50 percent of internet consumers are afraid to conduct online commerce, due to phishing concerns. A Symantec study shows that nearly one-third of the respondents refrain from online banking, due to fears of phishing (Radcliff, 2005). A study into online shopping behaviour indicated that attacks are taking a toll on consumer condence, resulting in online consumers changing their usage patterns (Gartner, 2005). Loss of personal data not only undermines the customer and institutional condence but can also result in costly damage to an organizations reputation, and be costly to recover from the resulting identity theft (Symantec, 2009).

Item Credit card information Bank account information E-mail accounts E-mail addresses Proxies Full identities Mailers Cash out of services Source: Symantec

2009 (among all goods, %) 19 19 7 7 6 5 4 4

2008 (among all goods, %) 32 19 5 5 4 4 3 3

2007 (among all goods, %) Range of price ($) 21 17 4 6 3 6 5 5 0.85-30 15-850 1-20 1.70-15/MB 2-5 0.70-20 4-10 0-600 plus 50-60%

Table II. Goods and services available for sale on underground economy servers

In the study carried out by Unisys (2009), identity theft was found to be the greatest single area of concern for consumers followed by nancial fraud. A full 75 percent of respondents even said they would switch to another bank offering stronger security or better protection for money or personal information. The bottom line is that the loss of trust is potentially devastating to banks. When a customer feels that his personal data are not well protected, trust gets damaged. Customer satisfaction is a key trust building attribute and in nancial services, less trust equals fewer customers and lower revenues. Identity theft is not a concern of one individual but even the business rm should also take initiatives to ensure that personal and nancial data are safe with them. Security measures adopted by the online business will help in maintaining the faith of customer and thus retention of customers. 5. Countermeasures adopted Banks worldwide have adopted certain security measures to enhance the security. Banks like Bank of America (2009) added extra layer of security and are educating customers on the aspects of security. It also gives a provision for customer who bank online to choose a site key, essentially a symbol which they could see every time they visit the banks web site. This helps the consumer in identifying the fake web site. It has also teamed up with groups such as Anti-Phishing Working Group (APWG) and Online Trust Alliance to battle against fraud. Citywide Banks uses secured e-mail system called Citywide Banks commercial real estate services that require a special account and login process. It also uses watermark authentication image which is personalized to each user and has implemented automated monitoring system which ags suspicious activity on a customer account (Citywide Bank, 2009). Merrick Bank uses cookies that last only through single session when visiting the banks web site. It has also installed intrusion detection system to provide notication when suspicious or illegal activity is detected. Usage of Secure Socket Layer (SSL) for transmitting information and creates system utilization logs hardware components that comprise the banks web site. Landmark Bank (2010) recommends secure browser with 128-bit encryption to operate the bank account. This browser uses SSL to communicate with banks server. It also employed multiple rewalls which log network trafc to facilitate centralized auditing and security monitoring. In the Indian context, many Indian banks like Bank of India, Andhra Bank, State Bank of India, Bank of Baroda, HDFC, are VeriSign certied, i.e. they have collaborated with VeriSign, Inc., a trusted provider of internet infrastructure services for the networked world. ICICI Bank (2010) has employed safe banking initiative which educates customer about the methods of protecting them from fraud. For that it uses hoardings, alerts on their internet banking and monthly statements. Banks have tried their best to deal with the growing number of reported phishing incidents by pushing for some legislative changes, user training, public awareness, and technical measures. However, despite advanced ltering, better law enforcement, greater efforts at user education, and other measures, reports of phishing have not declined (Kekre, 2008). Even though, as big companies are taking more precautions, scammers are turning towards insufciently protected smaller nancial rms.

Online identity theft

239

JFC 18,3

240

According to online survey carried out by ReadiMinds (2008), Over 57 percent of banks still do not have a dedicated budget for online security and over 40 percent of respondent banks do not have any formal plan in place for creating customer awareness against online identity theft and nancial frauds. In July 2010 itself, an increase of 3 percent was seen in phishing attacks on Indian banks when compared with the previous month (www.symentac.com). It is quite evident that fraudsters are targeting internet banking users by increasingly creating more phishing sites and spoong as many popular Indian brands as possible. Even though phishing and phishers may be keeping banks on high alert, but the law is lagging far behind. Phishing is not an offence that is specically dened under the IT Act, 2000. There is also a problem of cyber jurisdiction. These attacks can be launched from any part of the world which in turn makes prosecutions very difcult. Getting these people arrested is difcult since Indian law is not applicable to people outside the territorial boundaries (www.cyberlawsindia.net). 6. What still need to be done? Prevention is always better than cure. Proper care must be taken by the customers to protect their identity and it is also the responsibility of the online business rm to take measures to disallow any data breach. A data breach is considered to be caused by insecure policy if it can be attributed to a failure to develop, implement, and comply with adequate security policy. For any department that manages or requires access to sensitive information, organizations should develop stronger security policies (Symantec, 2009). Some general guidelines are to be followed, while preparing the organizations security policy. Some of them are listed as follows: (1) Education: . Educate all employees on proper security procedures. . Educate the consumers by posting instructions on web site about the dos and donts of net banking. . Initiatives should be taken to remind customers to update their anti-virus and anti-spyware software. (2) Security department: . Have a security department with dedicated budget for online security. . Initiate a 24-hour customer response team where a customer can report any form of identity theft or account discrepancies. . Appoint a chief security ofcer who takes care of online security. . Should have strong security policy and see that it is implemented strictly. . Appointment of internal auditors can help in keeping track of the transactions. (3) Constant monitoring: . Appoint agencies to carry out monitoring of internet activities on their web sites. . Alerts should be sent to consumers mobile or e-mail about the transaction carried in his account. This helps in quick response by customer to report any illegal transaction.

Employ internal auditors to check fraud. Employ services of organization which monitors the misuse of logo, trademark and web contents on the internet. . Monitor network trafc and track all activities to ensure there is no illegal access to database. (4) Security tools: . Use strong encryption method to encrypt sensitive data and do not send out unencrypted nancial information. . Use SSL encryption and add multiple layers of security which helps user in identifying fake web sites. . Use dual authentication system where a user should use a physical token/smart card to log into their banks web site. . Use digitally signed e-mail when corresponding with consumer through e-mail. . Personalize the user webpage when he logs in with some image chosen by the user at the time of registration. This helps in identifying fake web sites. . Next generation tools and technology including open source software, service-oriented architectures and visualization can be employed. . Data mining which has been successful tool in the areas of marketing can also be used in fraud detection system to maintain user prole and detect any outliers in them. . Articial intelligence programs can be used to look out for anomalies, unusual behavior or sequence of events.
. .

Online identity theft

241

The APWG provides the list of security solutions shown in Table III. These are few products recognized by APWG for providing security measures but apart from technology, manual efforts are needed to address the problem. Customers should understand the risks and take precautions. Online business should take up appropriate measures to build a strong security policy and ensure that it is strictly implemented to protect all sensitive data. Strong cyber laws must be developed to catch hold of these criminals. Combined efforts are thus needed to protect the identity of one of the most important asset customer. 7. Conclusion Many facets have emerged with the advent of internet. If e-commerce represents the positive side then identity theft represents the negative side. Especially in the developing country like India, identity theft is slowly but steadily becoming one of the major problems that can cripple the faith of an individual towards e-commerce and net banking. Identity theft is a menace which is just not a concern of an individual but also the responsibility of online business rm. Incidents of identity theft have occurred in the past, are occurring at present and may continue to occur in the future. But with the combined effort by everyone concerned, these incidents can be minimized if not stopped forever. It is time to ght back and protect our identity.

JFC 18,3

242

Solution

MarkMonitor

Cyveillance Anti-Phishing

VeriSign

Internet Identity

GlobalSign

FraudWatch

Table III. List of security products Description MarkMonitors integrated Brand and Fraud Protection platform provides full life-cycle management, including early warning, real-time detection, and investigation and response, to a wide and growing list of identity-based online security problems faced by corporations today It is a comprehensive, turnkey solution that enables organizations to prevent, detect, and recover from phishing and fraud-related malware attacks. Using its proprietary internet monitoring technology, proven processes and procedures, and industry-leading security operations team, Cyveillance identies targeted fraud activity such as suspicious domain registrations, phishing lures, spoof sites, malware distribution points and the post-attack gathering, and exchange of compromised credentials It is the worlds leading SSL certicate authority, securing nearly 500,000 web servers. Its customers include 93 percent of the Fortune 500, the top US banks, and 47 of the 50 largest e-commerce sites. The rigorous VeriSign authentication and security practices over the last ten years have helped establish the VeriSign Secured Seal as the No. 1 mark of trust on the internet Over 30 percent of fraud attacks rely on cousin variations of the target brand name (such as www.brandaccount.com) increasing the potential victims misguided condence in a scam. This threat vector can be controlled with an aggressive domain control program. Internet Identitys unique domain security audit researches potentially threatening domains that contain the brand names, collecting current registration and usage data, and rating the threat level of domains Established in 1996, GlobalSign is one of the longest established SSL providers and certication authorities, securing thousands of web sites, individuals, devices and identities. GlobalSign has been WebTrust compliant for over four years the longest running in Europe and its well dened and executed authentication policies and procedures ensure GlobalSign products and services are amongst the most highly trusted available in the market FraudWatch International is a specialist anti-phishing company, providing a comprehensive anti-phishing service; protecting organizations around the world against: phishing, pharming, vishing and Trojan attacks. FraudWatch maintains two 24 7 security operations centers in North America and Australia, with analysts working exclusively on anti-phishing. FraudWatchs provides 24 7 monitoring and detection, real-time alerting of veried threats, incident tracking and forensics portal with real-time one click reporting, threat mitigation countermeasures and fast site blocking and take down services. FraudWatch minimizes the impact of phishing attacks with a swift and decisive incident response (continued)

Solution

Description

BrandProtect

GoDaddys BrandCatcher

Websense Enterprisew Security Premium Groupe

Easy Solutions

Panda Software

McAfee

It empowers organizations to gain control over how they are represented online by uncovering and mitigating the issues that put their reputation at risk and erode customer trust. BrandProtects Response Services help detect, uncover and mitigate brand and trademark infringement issues, phishing attacks, web trafc diversions, web site integrity issues and defamatory discussions It is a brand monitoring product that uncovers the use of brand and trademarks on the internet and provides alerts on related domain name registrations It blocks access to known phishing web sites. Using a series of proprietary processes, including data mining (such as signatures for spoong utilizing browser vulnerabilities) and customer and partnership feedback. Websense identies phishing sites and adds them automatically to the phishing and other frauds category within the Websense Master Database for web ltering and web security. Discovered sites are also a key component of the Websensew Real-time Security Updatese that protect organizations in immediately from advanced phishing and malicious code threats Websensew Client Policy Managere blocks access to phishing-based key loggers, BOTs, and Trojan Horses. Real-time security updates to the application classication databases combined with the ability to block unknown attacks through lockdown and network lockdown, protect customers from phishing-based malcode It provide solutions for identifying and preventing online transaction fraud while helping institutions comply with existing US domestic and international two factor authentication requirements It is a world leader in virus and intrusion prevention, presents its new family of solutions. The new range of IT security products boasts a series of outstanding technological innovations and caters for all clients, from the largest corporations to home users The McAfee VirusScan 8.0i product helps prevent end-users machines from being recruited and exploited as part of a Bot-Net by both detecting Trojan and backdoor malicious code, protecting against buffer overrun attacks and network attacks. Finally, all McAfee Antivirus products, from the desktop to the server to the gateway include the scan engine to detect and defend against key loggers and script exploits that are often used in phishing attacks. McAfee Entercept and McAfee Foundstone protects protect ISPs from being compromised and subsequently used to host phishing sites by identifying weaknesses and protecting against buffer overrun type attacks (continued)

Online identity theft

243

Table III.

JFC 18,3

244

Solution

RSAw FraudAction

Symantec Online Fraud Management Solution

Netcraft

PhishWall

ICONIX

Source: APWG

Table III. Description It is a proven service offering complete fraud protection against phishing, pharming and Trojan attacks including 24 7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown. At the core of the FraudAction service is RSAs exclusive Anti-fraud Command Center, a team of elite researchers that remain on the forefront of fraud trends and the latest online threats and have shut down nearly 300,000 online attacks It provides enterprises a multi-pronged solution for mitigating online fraud. It protects nancial institutions and their customers by blocking fraudulent e-mails from reaching consumers and alerting the company that its customers are under attack. At the same time, the Symantec Online Fraud Management Solution provides customer education, customer desktop security assessment, and customer protection technologies that protect the consumer as well as the enterprise network. In addition, it provides services to share Symantecs online fraud expertise and ensure rapid implementation Netcrafts service helps banks and other nancial organizations combat phishing techniques, so that once a phishing site has been detected, Netcraft responds with a set of actions which will limit access to the site and should ultimately cause the fraudulent content to be eliminated It is the revolutionary anti-phishing solution that uses a new patent-pending (PATPEND:2004-195208) user-based web server authentication technology based on a public key encryption algorithm. Through the PhishWall solution, corporations can offer a more secured internet-based e-commerce environment to their customers and protect them against phishing attacks. SecureBrain PhishWall uses an established cryptographic message exchange scheme to give consumer an easy graphical way to assure he is on the proper web site for his banking, shopping and payments applications ICONIX, Inc. is the leading innovator in trusted e-mail identication solutions. Providing a value added identication service on top of Sender ID and Domain Keys/DKIM, including authentication support in webmail clients, the companys visual e-mail ID solution uses an icon to enable consumers to instantly identify which messages in their inbox are real, thereby enabling senders to restore trust in e-mail communications with their customers

References Abad, C. (2005), The economy of phishing: a survey of the operations of the phishing market, First Monday, Vol. 10 No. 9, available at: http://rstmonday.org/htbin/cgiwrap/bin/ojs/ index.php/fm/article/view/1272/1192 (accessed 4 June 2010). Bank of America (2009), Privacy and Security, available at: www.bankofamerica.com (accessed 27 May 2010). Butler, R. (2007), A framework of anti-phishing measures aimed at protecting the online customers identity, The Electronic Library, Vol. 25 No. 5, pp. 517-33. CERT-In (2010a), Annual Report 2009, Department of IT, Ministry of Communications and IT, Government of India, New Delhi. CERT-In (2010b), Monthly Security Bulletin January 2010-August 2010, Department of IT, Ministry of Communications and IT, Government of India, New Delhi. Citywide Bank (2009), Identity Theft Prevention, available at: www.citywidebank.com (accessed 27 May 2010). Eriksson, K., Kerem, K. and Nilsson, D. (2008), The adoption of commercial innovations in the former Central and Eastern European markets: the case of internet banking in Estonia, International Journal of Bank Marketing, Vol. 26 No. 3, pp. 154-69. Gartner (2005), Gartner Survey Show Frequent Data Security Lapses and Increased Cyber Attacks Damage Consumer Trust in Online Commerce, Gartner, Stamford, CT, available at: www. gartner.com/press_releases/asset_129754_11.html (accessed 2 June 2010). Gartner (2009), Gartner Says Number of Phishing Attacks on US Consumers Increased 40 Percent in 2008, Gartner, Stamford, CT, available at: www.gartner.com/it/page.jsp?id936913 (accessed 2 June 2010). Grabner, S. and Grabner, R. (2008), Consumer acceptance of internet banking: the inuence of internet trust, International Journal of Bank Marketing, Vol. 26 No. 7, pp. 483-504. ICICI Bank (2010), Safe Bank Initiatives, available at: www.icicibank.com (accessed 27 May 2010). Kekre, P. (2008), Phishing in India on Rise, CIOL.Com, available at: www.ciol.com/BFSI/Feature/ Phishing-in-India-on-the-rise/301008112099/0/ (accessed 25 September 2010). Landmark Bank (2010), Security, available at: www.landmarkbankonline.com (accessed 27 May 2010). Pandit, M. (2006), Go phish: how to prevent identity fraud, Bank Technology News, Vol. 19 No. 7, p. 33. Radcliff, D. (2005), Fighting back against phishing, Network World, Vol. 22 No. 14, p. 48. ReadiMinds (2008), State of Online Security in Financial Institutions in India 2008, ReadiMinds System and Services Ltd, Bangalore, available at: www.readiminds.com/surveys/news_ indiastats2009.php (accessed 4 June 2010). Symantec (2006), Internet Security Threat Report Trends for January 2006-June 2006, Symantec Corporation, Mountain View, CA, available at: http://eval.symantec.com/ mktginfo/enterprise/white_papers/ent-whitepaper_Symantec_internet_security_threat_ report_x_09_2006.en-us.pdf (accessed 5 June 2010). Symantec (2009), Symantec Global Internet Security Threat Report Trends for 2008, Symantec Corporation, Mountain View, CA, available at: www.symantec.com (accessed 5 June 2010). Symantec (2010), Symantec Internet Security Threat Report Trends for 2009, Symantec Corporation, Mountain View, CA, available at: www.symantec.com (accessed 18 October 2010). Unisys (2009), Global Economic Super Virus, Unisys Corporation, Blue Bell, PA.

Online identity theft

245

JFC 18,3

246

Further reading CERT-In (2009a), Annual Report 2008, Department of IT, Ministry of Communications and IT, Government of India, New Delhi. CERT-In (2009b), Phishing Incident Trend Report, Department of IT, Ministry of Communications and IT, Government of India, New Delhi. Merric Bank (2010), Security Policy, available at: www.merricbank.com (accessed 27 May 2010). Web sites Andhra Bank: www.andhrabank.in APWG: www.antishing.org BOB: www.bankofbaroda.com BOI: www.bankondia.com HDFC: www.hdfcbank.com SBI: www.statebankofIndia.com Symantec: www.symantec.com

About the author D. Vijaya Geeta has an MSc in Computer Science and an MTech in Information Technology from Andhra University and currently pursuing PhD from Andhra University in the area of Machine Learning. Is currently employed at GITAM University as Associate Professor and take up IT subjects for Management Students. Research interests include data mining, customer relationship management and information security. D. Vijaya Geeta can be contacted at: vijayageeta@gitam.edu

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints

You might also like