WHAT you are about to read happened to Customers of AXIS Bank (formerly UTI Bank), received an e-mail asking them to renew certain services. If they didn’t, the e-mail claimed, their account could be suspended or deleted. Reproduced below is the text of the e-mail:
This is your official notification from AXIS Alerts Previous notifications have been sent to the Billing Contact assigned to this account. As the Primary Contact, you must renew the service’s listed below or it will be deactivated or deleted.
Click on the following link below to renew online banking information.
EXPIRATION: Aug. 9th 2007
*Renew My Online profile*
AXIS Account Review Department.
© 2007 AXIS Bank All rights reserved
The mail then provided a link that took the gullible customers to a site which looked exactly like the AXIS Bank web site! This incident was alerted by security company Websense Security Labs. It reports that fraudsters were using e-mails to target AXIS Bank customers. And yet another instance of the widespread ‘phishing’ menace today came to light. What you should know about phishing
Phishing is a criminal activity used to collect confidential information such as your credit card number, bank account access details and so on. Typically, you receive an e-mail from a familiar looking e-mail ID (like firstname.lastname@example.org). The mail would contain sensitive, threatening or provocative messages, prompting you to respond immediately. Don’t bite these baits!
Watch out for these common baits in your e-mail. These may come in the form of subject matter or even in the body of your e-mail.
- Your bank account is disabled
- Technical or statutory verification
- Action required for security reasons
- You have won a surprise gift
- Verify security upgrades
The idea is to get you to click the given link in the message.
The link takes you to a site that looks authentic (similar to your bank’s web site, for example). You think you have logged on to your bank’s site and key in confidential banking information. What you have done, effectively, is give sensitive information on a platter to fraudsters. And you bet they will misuse it, leaving you to foot the bill. Problem is, once realisation dawns, you will not be able to do much about it — you don’t even know who they are! They could be anywhere in the country or, indeed, anywhere in the world.
What you can do to protect yourself
i. Beware of e-mails that sound ‘phishy’.
ii. Smell a rat if an e-mail is not personalised. For example, it would begin with ‘Dear Customer’ rather than your name. Fraudsters normally send mails en masse.
iii. Do not act rashly, even if the e-mail asks you to act promptly.
iv. If asked for confidential information, don’t even click on the links provided.
v. Check the URL of the web site where you enter information.
Phishing web sites differ from the original.
Original web site – Phishing web site
https://www.abcdbank.com – http://www.abcdbank.com
https://www.abcdbank.com – https://www.abcbbank.com
https://www.abcdbank.com – https://www.abcd-bank.com
vi. Check the padlock sign at the bottom right end of your browser’s status bar. All secure financial web sites have this security feature.
vii. Never enter your personal information in a pop-up screen where the URL is not visible.
viii. Protect your computer with spam filters, anti-virus and anti-spyware software.
ix. Use the latest web browsers available. The new Internet Explorer and Mozilla Firefox browsers come equipped with phishing filters.
x. Never open e-mail attachments from unknown sources. Should you fall prey to a phishing attack despite all these precautions, act immediately. Contact the respective bank or web site and forward the phishing e-mail to them for verification.
These kind of scams are raising steadily and more number of the bank customers fall into this trap. You have to be very careful on doing the bank transactions and giving out any sensitive information to the internet. There may be some one watching you without your knowledge, if your PC is not secured enough to protect from the malwares. I have received news letter from HDFC bank explaining how to protect from the phishing attacks. The following are few points worth consider:
- In case of doubt, do not click on any link provided in the e-mail
- Do not give any confidential information such as password, customer id, Credit/Debit Card number or PIN,CVV,DOB to any e-mail request, even if the request is from government authorities like Income Tax department or any Card Association company like VISA or Master Card
- Do not open unexpected e-mail attachments or instant message download links
- Always check the web address carefully before sharing any sensitive information
- For logging in, always type the website address on your web browser
- The Padlock icon at the upper or bottom right corner of the webpage must be always ‘On’ during secure transactions
- Ensure that you have installed the latest anti-virus/ anti-spyware/ personal firewall/ security patches on your computer or high end mobile phones
- Use non-admin user ID for daily work on your computer
- Do not access NetBanking or make payments using your Credit/ Debit Card from shared or unprotected computers in public places
- Do not call and leave any personal or account details on any telephone system, voice message, e-mail or an SMS
- Do not transfer funds to or share your account details with, unknown/ non-validated source, luring you with commission, attractive offers.
WHAT IS SPOOFING
Website Spoofing is the term for falsified e-mail addresses that appear to come from a sender when in fact, the message is really being sent by a spammer. They can be difficult to spot and cause many problems, both for recipients and spoofed e-mail address owners. Scamsters can not only fake the URL but also the Pad lock icon at the bottom right corner.
HOW THE SPOOFERS OPERATE
E-mail spoofing can assume a variety of forms. Basically, a spoofed e-mail appears to be sent from one source when it actually was sent from another source entirely. However, any replies to a spoofed e-mail go directly to the legitimate e-mail account causing confidential customer information to be captured. It is extremely difficult to detect a spoofed e-mail address, at first glance. But it is possible to identify a spoofed e-mail by carefully analyzing e-mail headers .Examples of spoofed email that could potentially affect you include: email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this , email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information .
WHAT IS VISHING
Vishing” or “Voice Phishing” is the act of leveraging a new technology called Voice over Internet Protocol(VoIP) in using the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclose personal information. The victim is contacted by a phishing e-mail directed to a VoIP based telephone number. The user may recieve a telephone call from another individual with a spoofed caller ID or a recorded incoming call with a spoofed caller ID directing them to a phishing site.
HOW THE VISHERS OPERATE
Fraudsters uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization and they invite you to punch your telephone information through your telephone keypad. The content of the incoming message is designed to trigger an impulsive reaction from you. It can use upsetting or exciting information, demand an urgent response or use a false pretense . Any of the personal information such as bank account number, credit card number, PIN etc should not be typed in your telephone keypad in response to above mentioned calls. As a customer you also have a role in stopping vishing scams. You are encouraged to recognize it, report it and stop it. Do not react immedietly without thinking.
FRAUD’s Done at ATM Machines
WHAT IS SKIMMING
Skimming is a scam where scamsters use a skimming card reader or skimmer with which they make a counterfeit copy of the ATM card or Credit card. While the victim withdraws money from his/her account the card details will be read into the skimmer or an attached PC. Once the skimmer gets the card data they can duplicate the card and also use it for online shopping.
HOW THE SKIMMERS OPERATE
Usually Skimming card readers or Skimmers will be placed in ATMs or POS machines . Skimmer is a small electronic device which is capable of capturing the data present in magnetic strips of the cards. Skimming may take place during a legitimate transaction at a business. Such fraudlent activities can happen mostly in shopping outlets and restaurants. For example, in a restaurant your card may be taken away when the bill is being settled and may use your card for regular transaction, also for capturing the card details. This captured card details will be misused by the scamsters.
TIPS TO PROTECT YOURSELF FROM SKIMMING
|Do not leave your card unattended.|
|Keep changing your ATM Card PIN number regularly|
|Use your hand or body to shield your PIN from onlookers when you are conducting transactions at a bank machine or at the point-of-sale.|
|Beware of a skimming card reader.|
|Regularly check your statements or passbook to verify all transactions have been properly documented.|
|Never let your card out of your sight, for example at a restaurant.
Below are some simple rules, which ensures that your ATM transaction safe.
Mobile Banking Threats
The threat of mobile phone malwares, though not pronounced still, is expected to become a nightmare for mobile phone users in the not too distant future. Mobile malwares spread or infect other handsets without any user interaction through bluetooth e-mails or infected multimedia message . There are some spying tools that can be installed on the target mobile phones to keep a log of each and every activity of the user. Such logged information may be forwarded to spying server for viewing and misusing .
|Tips To Deal With Mobile Malwares|