Top 5 Indian Banks Face Phishing Scam

Banking Customers Fall Prey to Phishing Scams

( 3 min read )

Sensitive banking information is always a matter of great anxiety for us and a matter of great opportunity for hackers. If, through phishing scams, hackers are able to outright steal your credentials, it saves them the trouble and trickery of getting you to direct payments through false ruses and theatrics. To that effect, warning bells are ringing, and top 5 Indian banks are at risk. Here is a case study of a banking related security breach that attempts to steal your banking information through a phishing scam.

The Top 5 Indian Banks whose name are used for carrying out Phishing Scam

All the big names you likely know and probably are a customer of being caught in this phishing scam. SBI (State Bank of India), ICICI, HDFC, Axis Bank, PNB (Punjab National Bank) are the 5 banks that are at risk. But is the phishing scam directed towards theft from the banks? Actually, no. The threat is towards the banks’ customers who are being lured into the hackers’ trap through urgency-inducing emails.

So, if you are a patron of either of these top 5 Indian banks mentioned above, you are essentially a phishing target.

Specifics of the banking related phishing scam

Customers having accounts in SBI, ICICI, HDFC, Axis Bank and PNB should treat this case as a red alert. The risk for these group of people was revealed in an investigation by a joint investigation between a think tank and a cybersecurity company based in New Delhi.

So, how is the phishing scam being carried out?

Cybercriminals are tricking the bank customers into divulging sensitive personal information. The act that they have put on is that of an urgent income tax application. The hackers are asking their victims to submit an application for claiming income tax refund. To do that, users must click a link that redirects them to a webpage that on the surface looks like the actual, official income tax e-filing web page. These phishing links are delivered via emails, with the messaging cleverly laid out to cause excitement.

Once at the spoofed page, the victims are asked to perform some verification steps which take them through a set of user input fields. The victim has to fill out sensitive personal information such as full name, PAN, Aadhar, address, pin code, DOB, contact number, email address, gender, marital status and banking information like account number, IFSC code, card number, expiry date, CVV/CVC and card PIN. The bank name is auto-populated according to the IFSC code.

Filling out this information puts the victims at a major risk of financial loss and thefts.

Put Your Mind at Ease

If you are a customer at one of these top 5 Indian banks, you must feel rattled, which is natural. However, if you think of it, the major entry point for this phishing scam to work is not the dummy page, but the phishing link. If you don’t click it, you remain safe.

Tips for Avoiding Being a Victim Of Phishing Scams:

  • Don’t reveal personal details or financial information to untrusted sources.
  • Don’t respond to any suspicious emails, or engage with the links or attachments in such email.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but there are always tell-tale signs like logo mismatch, shabby content, or zero attention to detail.
  • If you are not sure about an email correspondence, verify it by contacting the company directly.

Business organizations of all sizes (small, medium or large) face phishing attacks and can be largely impacted.

Our email security solution, Cloud Email ATP, can identify phishing links and potential threats. Such emails are instantly flagged. Moreover, our email security service also validates every email against a well-known blacklist of spammers, reducing the chance of a phishing email dropping into your inbox at all. Choose stronger gatekeeping instead of recovery and firefighting. Protect yourself from email threats and leave the stress of your email safety to us.

Leave a Reply

Your email address will not be published. Required fields are marked *