Guarding against Phishing Attacks

What is phishing?

Phishing is the fraudulent practice of obtaining personal or private information, such as credit card details and passwords, by deceit and social engineering (i.e. extracting information through seemingly innocuous, informal conversation), and then using that information to commit financial fraud, for example shopping online with the stolen card details or emptying the unsuspecting victim’s bank account.

In a typical phishing attack the victim receives a seemingly legitimate e-mail luring them to a spoofed website (i.e. a site that is not what it appears to be: it may look like the bank’s Internet banking site but is in reality hosted by someone with malicious intent), where they are asked to log in with their user ID and password and to reveal other sensitive information such as credit card numbers and PINs. Most of these mails throw bait to the unsuspecting victim, such as promising a free gift or a one-time waiver of fees, or threatening that their user ID will be deactivated unless they key in certain personal information.

A phishing attack is carried out in one of the following ways:

· E-mail: In most cases mass mailing is used, which adds the negative effects of spam to the problem of phishing.

· Specially-crafted websites: most commonly, banners advertising a bank that actually point to a carefully crafted but fake website.

· IRC (Internet Relay Chat).

How can we avoid being victims of such attacks?

The most important thing to bear in mind in order to avoid becoming a victim of a phishing attack is to be cautious and wary of any type of communication that asks for personal data. A few do’s and don’ts can go a long way in preventing such attacks.

Do’s:

· If in doubt over any e-mail received that appears to be a phishing mail, the best thing to do is always to contact the bank and verify its legitimacy.

· Look for website seal approvals (Verisign, BBBOnline, TRUSTe, PwC Better Web, CPA WebTrust, Clicksure, etc.) and click the seal to verify the site’s authenticity.

· Before sending the information, verify that the connection is ‘secure’ (the address bar should start with https:// instead of http://). Look for the SSL lock at the bottom of the browser.

· Install anti-virus software and update it regularly.

· Regularly check your online accounts and statements to ensure that all transactions are legitimate.

Don’ts:

· Do not open unknown e-mail attachments; save the file to the hard disk, disconnect from the internet, scan it for viruses, and only then open it.

· Never download screen savers, wallpapers, images etc. from untrusted sources, even if they are appealing.

· Never provide any personal information such as passwords, PINs or credit/debit card details to any entity in response to an e-mail request.

· Never click on a hyperlink (‘Click here’ option) provided in an e-mail. Instead, open the website by typing the correct URL in the address bar.

· Do not fill out forms in e-mail messages that ask for personal financial information.

· Do not do your banking or other sensitive transactions from a cyber cafe.

Precautions to be taken to avoid becoming a victim of phishing attacks:

1.  Some fraudulent e-mail messages

Don’t forget to trust your instincts. If an e-mail message looks suspicious, it probably is. The following are a few phrases to watch for in an e-mail:

· “Dear Valued Customer” - Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name.

· “If you don’t respond within 24/48 hours, your account will be closed” - Phishing e-mail messages try to scare the customer into divulging personal financial information.

· “Verify your Account” - The bank will not ask customers to send passwords, login names or other personal information through e-mail to verify their accounts.

· “Easy Money” e-mail hoax - E-mails requesting the customer to fill in a form containing personal financial information to enable a transfer of money.

2.  Be wary of fake Internet Banking sites

Another common technique phishers use is a URL in the phishing mail that at first glance looks like the name of the bank’s Internet Banking site but has been slightly altered by intentionally adding, omitting or transposing letters. Our bank’s Internet Banking site, onlinesbindore.com, could be deceptively written as sbindoreonline.com. Another way to disguise a URL is to substitute similar-looking characters: a zero for the letter O, so that onlinesbindore.com becomes 0nlinesbindore.com in a false link (note the zero used instead of the letter O), or the digit 1 for the letter I. If a customer suspects the message is not authentic, they should immediately call the bank by telephone, or log on to the bank’s website by typing its address (www.onlinesbindore.com) in the browser’s address bar.
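As an added illustration (not part of the bank’s page or its systems), the following Python check flags links whose host imitates onlinesbindore.com by the methods described above: look-alike characters (zero for O, 1 for I), the bank’s name reused in a reordered or extended domain, and a letter added or omitted. The brand token “sbindore”, the distance threshold of 2 and the folding of i to l are assumptions.

```python
from urllib.parse import urlparse

# Legitimate site named on the page; the brand token is the part of the name a
# phisher has to keep for the fake to look convincing (assumption).
LEGITIMATE_DOMAIN = "onlinesbindore.com"
BRAND_TOKEN = "sbindore"

# Look-alike substitutions the page describes (zero for O, one for I); folding
# 'i' to 'l' as well is an assumption, so that 1, l and i all compare equal.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l"})


def normalize(host):
    """Fold look-alike characters so that 0nlinesb1ndore and onlinesbindore match."""
    return host.lower().translate(HOMOGLYPHS)


def levenshtein(a, b):
    """Edit distance; one or two added, omitted or swapped letters stay within 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url):
    """Host part of a URL or bare domain (lower-cased), without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname
    if not host:
        return None
    return host[4:] if host.startswith("www.") else host


def classify_link(url):
    """Label a link as legitimate, one of three look-alike styles, or unrelated."""
    host = hostname_of(url)
    if host is None:
        return "invalid"
    if host == LEGITIMATE_DOMAIN:
        return "legitimate"
    norm, legit = normalize(host), normalize(LEGITIMATE_DOMAIN)
    if norm == legit:
        return "lookalike: homoglyph"      # e.g. 0nlinesbindore.com
    if normalize(BRAND_TOKEN) in norm:
        return "lookalike: brand reused"   # e.g. sbindoreonline.com
    if levenshtein(norm, legit) <= 2:
        return "lookalike: near miss"      # e.g. onlinesbindor.com (letter omitted)
    return "unrelated"
```

Running every link in a suspicious mail through classify_link gives a quick reason to type the address yourself instead of clicking whenever the result is anything other than “legitimate”.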

3.  Avoid using the ‘Click Here’ option provided in an e-mail to go to a web page, especially if the e-mail message looks suspicious. Instead, type the correct URL in the browser’s address bar to avoid landing on a fake website.

4.  Always use a secure website when submitting an account number, password, credit/debit card number or other sensitive information via a web browser. Look for the SSL lock at the bottom of the browser and check the beginning of the web address in the browser’s address bar: it should be "https://" rather than just "http://".

5.  Regularly check your online accounts and statements to ensure that all transactions are legitimate.

Follow the above precautions and keep off a Phisher’s hook.

Do report phishing mails: An exclusive e-mail ID, “ealert@sbindore.co.in”, has been created by the bank so that customers can report suspicious e-banking related e-mails. This mailbox is monitored regularly for incoming messages. Please report any incident of "phishing" to this e-mail address and also to the Branch Manager of your parent branch; this enables the bank to take prompt remedial measures to block phishing attempts.