Today Hot Topic

Phishing Attacks in India

GS-3 Mains Exam : Internal Security

Revision Notes 



Question : Analyze the reasons for the success of phishing attacks, emphasizing the role of human error and third-party vulnerabilities.

Basic Concept :

A phishing attack is a type of online fraud where a scammer attempts to steal your personal information by impersonating a trusted source, such as a bank, credit card company, or social media site. These attackers use fear or temptation to pressure you into taking hasty action.


  • You receive an email (that appears to be) from your bank, stating that your account is compromised and you need to verify your account information immediately. The email also includes a link.

This could be a phishing attack! A real bank will never directly ask for your account information this way.

If you click the link, you might be directed to a fake website that looks almost identical to the real bank’s website. There, you’ll be prompted to enter sensitive information like your username, password, and OTP.

If you provide this information, the scammer will steal it and potentially misuse your bank account.

Back to Mains Topic


  • India is a major target for phishing attacks, according to the 2024 Data Breach Investigations Report by Verizon Business.

Key Findings (APAC Region):

  • Dominant Attack Type: Espionage (stealing data) – 25% of attacks, significantly higher than Europe (6%) and North America (4%).
  • Common Breach Techniques: System intrusion, social engineering, and basic web application attacks (95% of breaches).
  • Compromised Data: Credentials (69%), internal data (37%), and secrets (24%).

What is Phishing?

  • A cyberattack that attempts to steal sensitive information (usernames, passwords, bank details, etc.) by impersonating a trusted source.

Reasons for Phishing Success:

  • Human Error: 68% of breaches involve human error or social engineering attacks.
  • Third-Party Vulnerabilities: 15% of breaches involve compromised data custodians, software, or supply chains.

Government Initiatives:

  • Information Technology Act, 2000 (Sections 43, 66, 70, 74): Deals with hacking and cybercrimes.
  • Indian Computer Emergency Response Team (CERT-In): Issues alerts and advisories on cyber threats and countermeasures.
  • National Cyber Coordination Centre (NCCC): Generates situational awareness of cyber threats and facilitates information sharing.
  • Cyber Swachhta Kendra: Detects malicious programs and provides free removal tools.
  • Bharat National Cyber Security Exercise 2023 (Bharat NCX): Improves cyber crisis management skills.
  • Chakshu Facility: Encourages citizens to report suspicious communications (calls, SMS, WhatsApp) on the Sanchar Saathi portal.

International Measures:

  • Budapest Convention: First international treaty on cybercrime (India is not a signatory).
  • Internet Corporation for Assigned Names and Numbers (ICANN): US-based organization for internet governance (domain names, etc.).
  • Internet Governance Forum: UN forum for multi-stakeholder dialogue on internet governance.


  • India faces a significant challenge from phishing attacks due to employee susceptibility.
  • However, reporting practices are improving, with 20% of users now identifying and reporting phishing attempts.

Leave a Reply

Your email address will not be published. Required fields are marked *