For the past couple of months, many of the SBI customers receive a spoofed email message claiming a need to update banking information for server upgrade. The email provides a link to a phishing site that attempts to collect personal and account information, the statement said.
The Phishing email text is reproduced below:
Dear valued SBI Netbanking Customer,
SBI’s Internet Banking, is hereby announcing the New Security Upgrade. We have upgraded our new SS: servers to serve our customers for a better and secure banking service, against any fraudulent activities. Due to this recent upgrade, you are requested to update your account information by following the reference below.
Reference*
Regards
Customers Service
State Bank Of India
The phishing site was hosted in the US and was up at the time of this alert. The lab has received similar reports from other banks as well. However, SBI is the only Indian bank, among these.
It may be recalled that in the month of July, anti-virus and content security software provider, MicroWorld Technologies discovered a phishing mail in the name of ICICI bank, targeting customers aiming to con them into revealing sensitive financial information.
Though, phishing is a new phenomenon in India as compared to the US, South America and Europe, but it has witnessed an increase, specially among bank customers opting for net banking.
An anti-phishing working group report published last June said that phishing incidents in April 2005 rose to 15,050 globally.
How to prevent Phishing ?
- Always look in to the address bar of your browser, and make sure that, the address is corrct ( check entire letters, because some phishing sites are using slightly modified names, which may not be noticed at first glance). a better practice is type the bank name in google and search, google will give you the original link, and that would be safe 99% times.
- Never follow links in an email claiming to be from your bank. Ignore these types of emails. Banking institutions never ask you to verify your online banking username and password, except perhaps during initial sign-up, though this is not a common practice. These links may lead to a website that looks like your bank’s site but is not.
- The website linked to in the email may ask you to enter your username and password. Do not do this until you have verified you are dealing with your banking institution. Call customer service and ask if this is a common practice. If customer service tells you it is not common practice, notify them of the email you received, as well as the url in the email. Indicators are bad urls, no padlock icon in your browser or other security indicators missing from your usual online banking session experience.
- Install a good Anti-Virus and firewall. Some products for you to consider are:• AVG Free • Avast! Anti-Virus • ZoneAlarm • BlackICE PC Protection
Please pass this information to your near and dear ones, and friends.
Many people in technopark and infopark has got such mails claiming SBI account verification. and I read in newspaper that many people has lost their money too.
Many of the IT companies has given the alert to their employees too