Cybercriminals turn local, attack with Hindi spam

Gurgaon-based corporate lawyer Rajgopal Rao didn't know whether to rejoice or not.

An e-mail in Hindi announcing him as the winner of some lottery was causing him worry.

"I was getting three-five mails everyday asking me my age, address and phone number so that the prize money could be delivered.

"After some thought I did a web search for the organisation and got redirected to some rogue site (as detected by the security software installed in his laptop). That's when I realised it was spam."

Parul Kumar, a Hyderabad-based research fellow, went through something similar.

...

"What raised my doubts was the message that provided non-standard contact details for further communication and reference to some famous brands as sponsors. A web search didn't throw up any information on any lottery or contests."

Rao and Kumar are among the 80 million active Internet subscribers in India who are susceptible to an emerging spam mail trend that uses local languages to lure users.

India, which already ranks second in relaying spam over the Internet, has moved on to sending spam in Hindi.

...

While German, Spanish and other European languages are routinely used in spams, it reinforces the fact that India - which accounts for 35 per cent of the global spam originated and ranked sixth for malicious code in 2010 - is fast rising on the cybercriminal's radar.

Security firm Symantec claims that with the increasing number of Internet users in emerging economies, there will be a decrease in the number of attacks in English and a rise in spam in regional languages.

...

Another security firm, Kaspersky says: "The other aspect that might have contributed to the spamsters turning to Hindi as the preferred language is that most Gram Panchayats are using the Internet for information on farming and village administration. The users at this level are easy targets."

Other Hindi-speaking countries such as Pakistan, Bangladesh, Nepal and the vast population of Indians working across the globe are also being targeted with spam mails in Hindi.

Ajay Goel, managing director (India and Saarc), Symantec, says: "Symantec has observed the first spam campaign in Hindi. This is an indication of the fact that India continues to be a key target for cybercriminals, and they are making an extra effort to lure Indian users."

...

Symantec has for the first time observed spam emails using the 419 or "Nigerian" technique - in Hindi.

This represents a paradigm shift in 419 scams, which users around the world have learnt to be wary of.

While these messages were earlier predominantly in English, even when targeting Indian users, it shows that spammers have become extremely specific about their target.

Over the past few years, India has increasingly become the target for cybercriminals - from phishing and spam attacks around Diwali, to the more recent Cricket World Cup, India-specific events are being used to fool users in the country into parting with their money and information.

...

This is a clear indication of the fact that Asia ranks high on cybercriminal's target, especially countries like India with a rapidly growing internet population.

Gaurav Kanwal, Country Sales Manager, India, Consumer Products and Solutions, Symantec, says that another factor that makes Hindi an attractive medium for cybercriminals is the possibility of first-time or emerging Internet users in India being more comfortable with their mother tongue, and therefore more easily deceived.

This is a classic example of "social engineering" - where the attacker does not exploit any vulnerability in the system, but rather dupes the victim into revealing sensitive information.

(With additional inputs from Vicky Nanjappa in Bengaluru)