Online Banking Fraud Alert!

Online banking has eased customers' bank-related work, such as money transfers. However, every good thing comes at a cost. With net banking, customers can carry out banking transactions from home and do not need to visit their bank for routine work. In a fraction of a second, money is transferred to another bank account. However, with the rise in the use of online banking or digital payment, the risk of losing money to fraudsters has also increased.
So, bank customers need to be vigilant to ensure that they don’t fall prey to identity theft fraudsters who steal money from their bank accounts by getting unauthorised access.
To protect against online fraud, including phishing, India's largest lender State Bank of India (SBI) advises customers to be suspicious of any e-mail or text message containing an urgent request for personal or financial information.
The largest lender says on its official website, “SBI and most other financial institutions and credit card companies normally will not use e-mail to confirm an existing client’s information.”
The bank further says, "We would like you to be aware of methodologies in a 'Phishing' attack, do's and don'ts in sharing of personal information and the action to be taken in case you fall prey to a phishing attempt."
Phishing methodology:
- Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials.
- Customer receives a fraudulent e-mail seemingly from a legitimate Internet address.
- The email invites the customer to click on a hyperlink provided in the mail.
- Clicking on the hyperlink directs the customer to a fake web site that looks similar to the genuine site.
- Usually, the email will either promise a reward for compliance or warn of an impending penalty for non-compliance.
- Customer is asked to update his personal information, such as passwords and credit card and bank account numbers etc.
- Customer provides personal details in good faith. Clicks on 'submit' button.
- He gets an error page.
- Customer falls prey to the phishing attempt.
Don'ts:
- Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'Phish'.
- Do not provide any information on a page which might have come up as a pop-up window.
- Never provide your password over the phone or in response to an unsolicited request over e-mail.
- Always remember that information like password, PIN, TIN, etc are strictly confidential and are not known even to employees/service personnel of the Bank. You should, therefore, never divulge such information even if asked for.
Do's:
- Always logon to a site by typing the proper URL in the address bar.
- Give your user id and password only at the authenticated login page.
- Before providing your user id and password please ensure that the URL of the login page starts with the text ‘https://’ and is not ‘http://’. The 's' stands for 'secured' and indicates that the Web page uses encryption.
- Please also look for the lock sign (lock icon) at the right bottom of the browser and the VeriSign certificate.
- Provide your personal details over phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you.
- Please remember that the bank would never ask you to verify your account information through an e-mail.
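The URL checks in the list above can be automated for the links in an HTML e-mail body. The following is an added example, not code from SBI or the original article; the trusted hostname `netbanking.bank.example` and the sample message are constructed placeholders. It goes one step beyond the list by also comparing the hostname, because an `https://` prefix shows only that the connection is encrypted, not that the site is the genuine one.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hostname the customer verified independently (placeholder value).
TRUSTED_HOSTS = {"netbanking.bank.example"}

def host_of(url):
    """Hostname of a URL or bare host string, or None if it cannot be parsed."""
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None

def link_problems(href, text="", trusted=TRUSTED_HOSTS):
    """Reasons a link fails the login-page checks (empty list = passes)."""
    host, problems = host_of(href), []
    if host is None:
        return ["unparseable"]
    if not href.lower().startswith("https://"):
        problems.append("not-https")
    if host not in trusted:
        problems.append("untrusted-host")  # HTTPS alone does not prove identity
    if "." in text and " " not in text and host_of(text) != host:
        problems.append("text-href-mismatch")  # shown address differs from target
    return problems

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def audit_email(html):
    """Map each link target in the message to the list of checks it fails."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: link_problems(href, text.strip()) for href, text in collector.links}

# Constructed sample e-mail body (not from the article).
SAMPLE = ('<a href="https://netbanking.bank.example.verify-login.example/">'
          'netbanking.bank.example</a> or <a href="http://netbanking.bank.example/">here</a>')
```

Calling `audit_email(SAMPLE)` flags the first link even though it uses HTTPS, because its real hostname is not the trusted one and does not match the address shown in the message.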
What to do if you have accidentally revealed password/PIN/TIN etc:
If you feel that you have been phished or you have provided your personal information at a place you should not have, please carry out the following immediately as a damage mitigation measure.
- Change your password immediately.
- Report to the bank by clicking on the link 'Report Phishing'.
- Check your account statement and ensure that it is correct in every respect.
- Report any erroneous entries to the bank.
- Use the other compensatory controls provided by the bank like setting the limits for demand draft and trusted third parties to zero, enabling high security, etc to minimize the risk.
If anything suspicious happens, customers should immediately call their bank for help or information, using only numbers obtained from credible sources.
While accessing the bank’s website, the customer should always look out for the padlock and the URL starting with “https”.