Saturday, January 05, 2008

Bank Mail Phishing Scam - Received A Mail From Fake HDFC Banking Service

GMail is one of the best email services at detecting and eliminating spam and phishing scam mails. Almost 95% of the fraud mails which I receive are detected and moved to the Spam folder.

But sometimes spammers and phishers bypass GMail's filters. Today I received the following mail from [phishing mail id] asking me to reactivate my Internet banking account:

Unauthorized NetBanking Access On Your Account

In the last few weeks, our Online Banking Security team has observed multiple logons on your Internet Banking Account, from different Blacklisted IP's, therefore been blocked, to prevent further unauthorized access for your safety. we have decided to put an extra verification process to ensure your identity and your Internet Banking Account Security.
Click on for your NetBanking Online Access.

Security Advisory,
HDFC Online Banking

Please update your records on or before 48 hours, a failure to update your records will result in a temporary hold on your funds - it's one more way that HDFC makes your online banking experience better..
© 2007 All Rights Reserved

When I read the mail I thought it was a legitimate mail for a few seconds, but after analysing the link provided in the mail I found out that it is a fraud mail. The link provided in the mail points to a destination URL "" [don't click the link] which is not at all related to HDFC Bank.

Here are a few tips to safeguard yourself against online banking fraud.

Banks Never Send E-Mails Asking for Username/Password

Banks do not send e-mails to their customers asking for username/password details in order to enable or reactivate an account, receive goodies, etc. Only phishing scam sites send mails asking for a username/password.

Analyse The Links Before Clicking

When you are about to click a link related to your bank, please take a moment and analyse the destination address. By placing the mouse pointer on a link you can see the destination URL in the status bar.

It is always preferable to avoid following bank-related links provided in emails.

Use Google Search or Bookmarks to open your bank's homepage

Phishing scams use misspelled website addresses with a user interface very similar to your actual bank's website. It may be very tough for a common user to differentiate the fake website from the actual one. So it is not safe to type your bank's homepage URL in the URL bar, as we may misspell it at times.

The first solution to avoid such mistakes is to use Google Search. Enter the name of your bank in Google Search and follow the results. Google has a very large index of phishing sites and filters such sites from its search results.

If you don't prefer to use Google Search every time to navigate to your bank's homepage, use it once and bookmark the address in your browser. From then on, use the bookmark to navigate to your bank's homepage.