Let's Build a Responsible Cyber Society




Income Tax Department Shows the Way

How to respond to Phishing?

Phishing is a subject often discussed by Bankers and Cyber Security Professionals. We also discuss and debate what an organization should do when its name is being impersonated and phishing frauds are taking place.

Banks are noteworthy for their lack of concern and often bury some instructions in some parts of their huge websites and claim that they have given adequate notice to the customers.

Naavi has been waging a battle to say that the level of customer information dissemination should be far higher than what it is today in Banks.

In the light of the above observations, it was interesting to observe today how the Income Tax department has tried to handle customer information regarding the Phishing attacks in the name of the department.

Firstly, the department has not tucked away the notice in some corner. The home page of the department itself contains a prominent notice (see the enclosed screenshots).

Secondly, the home page contains a link "Report Phishing". In this linked page, apart from the usual instructions on how to handle a phishing mail etc., the department has added a request to forward the phishing mail to a designated official of the department.

It is interesting to note that the department has also requested the public to forward phishing mails received that do not pertain to the department to its incident monitoring section, perhaps for general research on phishing and the latest trends used.

The department has also included "Samples" of phishing e-mails in its name.

There are also some banner ads placed to draw the attention of the website users.

These steps taken by the department merit complete appreciation, and whoever was personally responsible for the introduction of these measures deserves commendation.

All these are measures which the undersigned has been recommending for some time and which are rarely followed by other organizations.

I would be happy if the department sends me a profile of the person to be put up in appreciation on the website of Naavi.org.

I wish that Banks in India and other organizations learn from this implementation of the phishing response strategy followed by the Income Tax department and take suitable steps within their own organizations.

It may be noted that in future the steps taken by the Income Tax department will be quoted in Courts, Adjudication offices and Cyber Appellate Tribunals as a model implementation to be followed by Banks.



July 15, 2011

 Comments are Welcome at naavi@vsnl.com