Phishing ..!!!

Mr. Ashok Reddy (victim) got an email, allegedly from ICICI Bank, saying that his account needed an update. When the victim clicked on the link provided in the email (one must never do this…!), it redirected him to a fake ICICI Bank page. As the page was a lookalike of the ICICI Bank page, the unsuspecting victim entered the username and password of his bank account along with the other details asked for there. Within a span of ten minutes, Rs.10,25,000 was withdrawn from his account by some unknown persons in ten transactions, and the amounts were transferred to various ICICI Bank accounts across India.

What is Phishing?

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by posing as a trustworthy site in an electronic communication. Most online banks are common targets. Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used at times.

What is Vishing?

This form of fishing for valuable information is called “vishing”. As you’ve probably guessed, it’s a variation of the term “phishing” – and the V stands for Voice. We can sometimes be less guarded when a phishing attack comes through the phone lines.

Have you ever got a mail like this?

From: ICICI Bank mailto:ibanking@ICICbank.com
Sent: Tuesday, February 25, 2009 12:37 AM
Subject: ICIC Online Banking Customer Alert

Account Notification,

You are receiving this message, to notify you about our new improved online security software

This new secure socket layer (SSL) software has just been newly implemented to help secure our valued customers, from any form of unauthorized access to their account especially from different ip's

So we ICICI Bank is alerting all our numerous customers to upgrade their account to this secure server software.

my account activity

Customer Service
ICICI Bank.
(c) 2008 All Rights Reserved.

How to Spot Phishing Emails

It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution, it gets more interesting. You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and give themselves away by using poor grammar.

You should also examine the link provided. Does it really go where it appears to go? The best way to avoid being misdirected is to copy and paste the link (don’t click it) into your address bar. However, you can still get tricked by URLs that look legitimate but have one or two letters switched.

The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.
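
The link and sender check described above, as an added example that is not part of the original page: a small Python check that flags a host differing from a trusted domain by one or two letters, such as the ICICbank.com sender in the sample mail. The trusted list (icicibank.com), the function names and the two-edit threshold are assumptions made for the illustration; flagging a trusted name embedded inside another host goes slightly beyond the text.

```python
from urllib.parse import urlsplit

# Assumption: the defender's list of genuine domains for the institution.
TRUSTED_DOMAINS = {"icicibank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(value: str) -> str:
    """Lowercase host of a URL, a mailto: link or a bare e-mail address."""
    value = value.strip()
    if value.lower().startswith("mailto:"):
        value = value[len("mailto:"):]
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower().rstrip(".")
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")


def classify(value: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link."""
    host = host_of(value)
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    for good in TRUSTED_DOMAINS:
        # Compare the last labels of the host with the genuine domain name.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if good in host or edit_distance(tail, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples; the first is the sender from the sample mail.
    for sample in ("mailto:ibanking@ICICbank.com", "https://www.icicibank.com/login",
                   "http://icicibnak.com/update", "https://example.org/"):
        print(f"{classify(sample):9} {sample}")
```

A two-edit threshold suits a long name like this one; for short trusted domains it would flag unrelated hosts, so lower it there.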

Safety tips to avoid Phishing

When you receive emails claiming to be sent by a banking institution asking you to enter your account details, DO NOT do so! Your bank already has your details and clearly would not want them again.

Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name from your email address. DO NOT open emails that have your name spelt incorrectly.

Check the email to see if it is addressed to your name. Fraudsters never personalize emails; they will refer to you as “Dear Customer” or “Dear Valued Customer” because they send emails randomly to a million email addresses and they don’t even know that you have an account with the bank. Your bank or e-commerce company, on the other hand, will address you by your name.

DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:
- You are to receive a refund
- The bank is trying to protect you from a fraud
- The bank needs some security and maintenance update on your account

If you receive such an email, always check back with your bank directly or speak to the customer service representative of the bank.

NEVER enter your credit card details and password in a website which you suspect is not genuine.

DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.

DO NOT open unsolicited emails.

It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember.

DO NOT follow links to a banking website from another website or email.

Verify a website’s URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.

Log in to your accounts regularly and look for account transactions that you do not recognize.

DO NOT send your account details and/or password over an email to anyone.

If you get a phone call about one of your accounts, hang up and call the institution. Dial the number that appears on the back of your credit card or on your statements. Then, you know you’re in the right place and they can take care of any issues on your account.