Have you recently received a mail congratulating you for being the chosen one to be offered an unbelievable investment plan with exceptional returns? Think again before you start thanking your stars for landing up with the opportunity. You can be the next victim of 'Phishing' and could end up sharing your valuable personal information with someone you don't even know. The information gathered through such fraudulent mails is later used by these hackers to break into your personal bank accounts and even carry out transactions in your name, without your knowledge.

Phishing or Vishing (Voice based) scams are the most feared cyber frauds which have become a major cause of concern globally. The magnitude of cyber security threat looming over the world is massive, with study predicting the global annual cyber crime costs to grow from $ 3 trillion in 2015 to $ 6 trillion by 2021. Unbelievably around 294 billion emails are sent each day around the world out of which around 90 percent is spam. Of the reported 37.3 million instances of phishing attacks, 88 percent involved users clicking a link. Every second 12 people online become a victim of cyber crime, totaling more than 1 million victims around the world every day. What is even more alarming is the fact that India ranks fourth with 5 percent of the total phishing volume worldwide. Country’s losses were recorded at $ 91 million in 2015.
 
Needless to say, financial gain is one of the prime motivations behind most cybercriminal activities. In last few years, India has moved up in rankings for countries with the most number of financial threats, and currently ranks as the 3rd most affected country by financial Trojans. The BFSI sector was the highest targeted sector in January 2016 with 40.2 % of all spear-phishing attacks, primarily through malicious spam email attachments. India has seen a rise in attacks targeting BFSI from 11.1 % to 17.1 % in 2014. Insurance remains one of most vulnerable industries to be targeted in the BFSI sector.

Recently even IRDAI (Insurance Regulatory and Development Authority of India) was targeted4 by e-mail spoofing by creating fake login ids such as ''[email protected]'' which look identical to IRDAI's official domain ''www.irda.gov.in''. The modus operandi of the fraudster in this case was to send fictitious offers of large sum of money by posing as IRDAI official. Such fictitious offers were made in the name of 'IRDA government', 'Insurance Control Authority, Delhi' etc.

To ensure that such fraudulent activities by the means of phishing or vishing are not able to gain success and dupe unaware customers, insurance companies take various steps such as distributing leaflets in all branches where a face to face interaction happens with the customers, various pop up banners are put up on the website homepage and all key pages as the way to educate the inbound customers. For outbound communication with customers, a disclaimer is printed on all engagement mailers sent to the consumers, special disclaimers are sent for any transaction the customers make and educative banners are printed on each envelope and inland letter that is sent to the customers. An automated IVR message warning customers about such spurious mails or calls is also added to ensure that every customer calling the insurance company is made aware of the danger.

While lot of money is being spent by the government, regulatory authorities and insurance companies to device new and effective ways to fight the phishing menace, it can only achieve the desired results when customers also take necessary steps by adhering to the guidelines and cooperating with the norms set by various agencies to fight this problem.

Customers should be aware that no legitimate company will ask for personal information such as account information, passwords, verification of security questions etc. They must contact the insurance company directly in case they get a suspicious mail. Carefully read the company name from which the mail has been sent as responding to a misspelled company name, might land them straight into the grab of a phishing scam. Beware of keywords like ‘Verify’, ‘account process’ or ‘update’ etc in the communication they receive on behalf of the company.

The amount of cyber damage that the world has witnessed in past few years is enough to understand that the world is fast changing and has entered a new phase of warfare.  It is important to understand that we are fighting one of the top 10 global threats at the moment and we have to jointly fight tooth and nail against this to ensure that our interests are safeguarded. There is no doubt that if each one of us is conscious enough and aware of the rights and wrongs, this mammoth problem might just become a thing of passé in the near future.

(Authored by Indeevar Krishna, Head - Operations and Customer Service, Max Life Insurance)

Disclaimer: IRIS has taken due care and caution in compilation of data for its web site. Information has been obtained by IRIS from sources which it considers reliable. However, IRIS does not guarantee the accuracy, adequacy or completeness of any information and is not responsible for any errors or omissions or for the results obtained from the use of such information. IRIS especially states that it has no financial liability whatsoever to any user on account of the use of information provided on its website.