Have you heard from the gentleman Mr. David Mark who has extreme faith in you and would like to transfer $12 million into your bank account, recently? All he needs is your bank details, and he would be happy to wire the money to your account. A generous gentleman he is, who wants to help you earn money for the only reason because he found your name and email address in a list of successful young people on the internet.
As if you have an option! |
About an year ago, when my friend was looking for laptops on eBay.com a good samaritan from UK offered to sell four of his brand new Lenovo T series laptops for only one-third of the actual price. A reasoning person, my friend is, asked for the reason behind the good samaritan selling laptops at such a low price. Pat came a genuine reply for his email, that he decided to leave UK and would like to see the stuff he recently bought. My friend excited about the cheap deal and after a sufficient research on eBay site found the seller in UK to be legitimate and wired him money for two laptops through Western Union. After a two weeks of silence from the seller, my friend found out that he wasn't a good samaritan but a scamster who built up his good profile by doing lots of genuine transactions through the website. Loss incurred was a little above 1000 USD. But experience gained, priceless!
And yesterday, my roommate received an email from a very concerned State Bank of India's security system (email: security@sbi.com) with an attachment to a html page SBI Security.html. Overwhelmed with joy knowing about the caring and thoughful security system, we read the message from the html page.
The html page also had an image on its top left corner which took forever to load. We would have bought it to be a genuine email had there been no typos, but alas! The message reads:
Dear Valued Customer, Your account has generated an Error code SB-907 in our new security system due to mis-match access.
Please login with SBI security link below to resolve this problem in order to enroll your SBI account in our new online System for mixmum protection against online phishing.
For security reason all information should be match correctly to avoid account suspension,
including hint question and answer that you had set for the Profile password.
CLICK HERE TO RESOLVE THIS PROBLEM
Thank you for using STATE BANK OF INDIA
c SBI . All rights reserved.
On clicking the link to resolve the problem, it took us to a fake SBI website hosted at http://resellerslogin.net/dialer/upload/sbi/indexx.html. It had almost same interface as the real SBI website hosted at https://www.onlinesbi.com/ with lots of typographic errors (the fraudulent site is down at the time of writing this blog post). All it would take for the scamsters to assume control of your money is you logging into the phishing site. These kind of cases may also lead to your identity theft.
Sharing my gyan based on a few observations, after all Experience is what you do with what happens to you:
Spelling mistakes are definitely to look out for finding out scam websites. Any genuine banking website would do their monetary transactions through a secure connection (https). Look out for SSL certificate to learn if a website is safe or not while doing transactions that require security. When in doubt, do not open the web pages. Also, it is always better off logging out of all your accounts (gmail, email, facebook etc. anything with your authentication) while clicking on a doubtful link. Or, open it in a fresh instance of the browser.
SSL Certificate of SBI in Firefox browser |
Also it is important to report these phishing attacks. When you encounter these kind of sites, make it a point to report to the concerned authority (SBI in this case). Also, you can report it on Google through their page http://www.google.com/safebrowsing/report_phish/.
Beware of phishing, and be a phishbuster by sharing this message. Happy browsing, and don't be afraid due to the befalling end of IPV4. It will reincarnate as IPV6 and restore the balance.
OMG!! What innovative scamsters!! This is the second post I am reading today, on such fraud mails!!
ReplyDeleteThere was another post like this that warned us of phishing attacks to secure account related info. Banks don't send emails to customers asking for such details. ICICI has a message in the customer care IVR system that emphasises this point. informative post.
ReplyDeletevery right vee, I get junk mails of this sort daily.
ReplyDeletemy friend paid a 50$ amount for payment of a thing, within seconds 1500 $ were deducted from his account. the goods seller to was fraud. he could not get refund too from credit card co. as it was from his ip.address.
Hey Vee, I have tagged you at http://cybernag.in/2011/01/could-this-become-the-movement/
ReplyDeleteDon't worry, it is not a frivolous tag but one with a cause. Please pick it up to spread the message around.
Scamsters are not only limited to banking.. Dew got an email saying that he got a job in london from a well know company. They even produced a letter head!!
ReplyDeleteShilpa -
ReplyDeleteYeah, creativity at its best. And, there is a sudden increase in these kind of emails very recently.
Zephyr -
Yes, banks definitely don't send emails asking for a customer's username and password. But, not many realize this. I wonder how the people who resort to these scams target their right audience! By sending emails with phishing attacks on SBI site to an SBI customer.
Pramod -
ReplyDeleteThat sucks! Also, doing monetary transactions on the internet connection at home always gives me shudders as it might easily lead to breach of security..
Srikanth -
Letter head also? Wow, that's innovative! :D So did they ask him to send some money if he wants to take up the job offer?
Zephyr -
I will sure pick up the tag! Thanks for tagging me..
At times these scammers are so creative that even the most intelligent of the lot might fall in the trap. Few days back there was this e-mail for income tax refund. Perfect timing !! Because people expect IT refund at this time of the year. We need to keep our eyes open when we are online. And inform others about our experience so as to create awareness, just like you did.
ReplyDeleteVee - I have received many such emails but one was a typical Nigerian fraud, with my parents died in aircrash leaving unaccounted wealth kinds. I had a gala time interacting with the scamster on emails asking him all kinds of questions and making him / her go round and round. They never figured i was having fun on their account... but nonetheless, informative post.
ReplyDeleteMayank -
ReplyDeleteSo you even interacted with those guys! That must be fun :)
These phishing mails are popular mainly with State Bank of India, and if u have an account with SBI u got to be smart enough to know which mails are actually from phishers.
ReplyDeleteIn fact, when I was in the TCS interview, this is what they asked me about phishing, and I surprised the interviewer with the amount of detail that I gave to him about the topic :D
Aniruddh -
ReplyDeleteYeah, I read what you wrote about your interview experience. It must be very satisfying for you after all this! Keep rocking.