All the banks are regularly advising their customers daily for being aware of the increasing phishing frauds by cyber criminals. The fraudsters send emails to the customers which look very similar to that from a bank. The mail would ask you to re-submit account details or credit card information. Hence, to remain safe from this fraud, lenders like State Bank of India (SBI), HDFC Bank and ICICI Bank do warn their customers on their website.
SBI on its website explains, ‘Phishing’ is a common form of Internet piracy. It is deployed to steal users personal and confidential information like bank account numbers, net banking passwords, credit card numbers, personal identity details etc. Later the perpetrators may use the information for siphoning money from the victim’s account or run up bills on victim’s credit cards. In the worst case one could also become the victim of identity theft.
Here’s how to identify a phishing fraud, as per HDFC Bank.
1. Verify the URL of the webpage. The ‘s’ at the end of ‘https://’ stands for ‘secure’ – meaning the page is secured with an encryption. Most fake web addresses start with ‘http://’. Beware of such websites!
2. Check the Padlock symbol. This depicts the existence of a security certificate, also called the digital certificate for that website.
3. Establish the authenticity of the website by verifying its digital certificate. To do so, go to File > Properties > Certificates or double click on the Padlock symbol at the upper right or bottom corner of your browser window.
ICICI Bank states that, If you receive an e-mail claiming to be from ICICI Bank regarding updating sensitive account information like PIN, password, account number, let us know by forwarding the e-mail to firstname.lastname@example.org.
Preventive Measure you can take:
- It is advisable to type to bank URL in the browser and login.
- Always make sure the login page of any bank is https:// (secured http) and not just http://.
- Do not share any ATM Pins or password over emails from bank. The bank never asks for such details over emails.
- Never provide your personal details to anyone unless you have initiated it.
If accidentally revealed your Password/PIN, then this is what you can do as per SBI.
If you feel that you have been phished or you have provided your personal information at a place you should not have, please carry out the following immediately as a damage mitigation measure.
- Change your password immediately.
- Report to the bank by clicking on the link Report Phishing
- Check your account statement and ensure that it is correct in every respect.
- Report any erroneous entries to the bank.
- Use the other compensatory controls provided by the bank like setting the limits for demand draft and trusted third parties to zero, enabling high security, etc to minimize the risk.
Never do this!
- DO NOT click on any suspicious link in your email.
- DO NOT provide any confidential information via email, even if the request seems to be from authorities like Income Tax Department, Visa or MasterCard etc.
- DO NOT open unexpected email attachments or instant message download links.
- DO NOT access NetBanking or make payments using your Credit/Debit Card from computers in public places like cyber cafés or even from unprotected mobile phones.
Thereby, follow the instructions of your bank, to secure your money. Prevention is always better than cure, always be aware about the frauds and what your bank warns you about them. Be updated with the latest phishing attacks.
Logix Cloud Email Security with ATP is a full-service email security solution designed to safeguard medium & large enterprises from deadly
- Targeted Phishing attacks
- Advanced Malwares
- Forged Email Detection (Display Name Spoofing)
- Embedded Malicious URL Scanning
- Cousin Domain Spoofing
- Business Email compromise (BEC)
- Potential Dangerous Attachment.