Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Phishers’ Roving Eyes Target Indian Educational Institutes

Created: 01 Dec 2010 23:55:20 GMT • Updated: 23 Jan 2014 18:23:45 GMT • Translations available: 日本語
Mathew Maniyara's picture
0 0 Votes
Login to vote

Recently, Symantec observed a phishing website that spoofed a popular email service brand. There wasn’t much to ponder on the phishing page or even with the brand that it was spoofing. Also, phishing websites attacking email service brands are not uncommon. But, the domain name that was used in hosting the phishing site was what made this particular phishing attempt interesting.

The phishing site’s domain name belonged to a popular government educational institute in India. Phishers are known for compromising legitimate websites and hosting their phishing sites on them. However, websites belonging to government, military, or educational institutes are usually more secure and are seldom compromised. In the past six months, several colleges and schools in India have been attacked by phishers. These include colleges that offer education in engineering, health sciences, management studies, gemological studies, and commerce. Let’s have a look at the statistics involving the domain names of Indian educational institutes that were compromised and used as hosts for phishing sites during the past six months:

 
Some noteworthy figures:
•    There were 13 educational institutes whose websites were compromised. These domain names were used to spoof 16 brands.
•    Domain names belonging to the colleges of Uttar Pradesh were found to be the highest in phishing in comparison to other states in India. This was about 43% of the phishing attacks, followed by Tamil Nadu and Delhi, comprising 27% and 15% respectively.
•    Around 79% of these phishing sites targeted banking sector brands; 12.9% were e-commerce brands, and the remainder were information services, insurance, and mobile/cellular brands.
•    Brands based in the USA, UK, France, and Australia were all affected by these phishing sites.

The average lifespan of these phishing sites was evaluated and found to be about four to five days. This short life span is probably due to the fact that educational institutes will remove phishing pages from their domain as soon as such a threat is reported, in order to maintain online security. Though the life spans of these phishing sites are short, given the statistics it appears that this type of phishing attack is consistently being observed every month.

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
•    Do not click on suspicious links in email messages.
•    Check the URL of a website and make sure that it belongs to the brand.
•    Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.