Income Tax Department Shows the Way
How to respond to Phishing?
Phishing is an often discussed subject by Bankers and
Cyber Security Professionals. We also discuss and debate what an
organization should do when its name is being impersonated and phishing frauds
are taking place.
Banks are noteworthy for their lack of concern and
often bury some instructions in some parts of their huge websites and
claim that they have given adequate notice to the customers.
Naavi has been waging a battle to say that the level
of customer information dissemination should be far higher than what it
is today in Banks.
In the light of the above observations, it was
interesting to observe today how the Income Tax department has tried to
handle customer information regarding the Phishing attacks in the name
of the department.
Firstly, the department has not tucked away the notice
in some corner. The home page of the department itself contains a
prominent notice (see the enclosed screenshots).
Secondly, the home page contains a link "Report
Phishing". On this linked page, apart from the usual instructions on how
to handle a phishing mail etc., the department has added a request for
forwarding the phishing mail to a designated official of the department.
It is interesting to note that the department has
also requested the public to forward phishing mails received that do not
pertain to the department to its incident monitoring section, perhaps
for general research on phishing and the latest trends used.
The department has also included "Samples" of
phishing e-mails in its name.
There are also some banner ads placed to draw the
attention of the website users.
These steps taken by the department require complete
appreciation, and whoever was personally responsible for the
introduction of these measures deserves commendation.
All these are measures which the undersigned has been
recommending for some time and which are rarely followed by other organizations.
I would be happy if the department sends me a profile
of the person to be put up in appreciation on the website of Naavi.org.
I wish that Banks in India and other organizations
learn from this implementation of the phishing response strategy
followed by the Income Tax department and take suitable steps within
their own organizations.
It may be noted that in future the steps taken by the
Income Tax department will be quoted in Courts, Adjudication offices and
Cyber Appellate Tribunals as a model implementation to be followed by
Banks.
Naavi
July 15, 2011
Comments are Welcome at
naavi@vsnl.com