ICICI Bank’s Online Customer Phished Off

Anil Singhal, working as Divisional Railway Manager of Madurai Division, Southern Railway (India) was phished off Rs. 53,000 ($1,083.85) after he responded to a phishing e-mail, as per the news published by The Hindu on August 31, 2009.

As per the victim, he received an unsolicited e-mail on August 23, 2009, which purported to be coming from the ICICI Bank's Customer Care Division, where he was having an account.

The phishing e-mail stated that as several online frauds were occurring, the bank was looking up to upgrade its security. So the recipient was asked to click a link given in the e-mail.

Falling into the trap laid by the phishers, Singhal clicked the link; soon he noticed a login page popping up on the screen and as he was not able to make any distinction, he filled his password and username there. The moment he did this, a message popped on the site saying that the site will now be shut down for maintenance till August 29, 2009.

The surprising fact is that Singhal did not doubt for even once during the entire process. Though, while logging onto his net-banking account on August 30, 2009, he discovered that it was deactivated. Then, he tried to operate his account through his ATM, but to his surprise just Rs. 83 was there in his account.

On enquiring the bank authorities, it was explored that a person (probably a phisher) had drained off Singhal's bank account in two parts via net-banking.

The examples like that of Singhal's are regularly encountered and outline the security threats that can be witnessed by people operating their bank accounts online. Banking authorities therefore advise online customers not to click any link embedded in a suspected e-mail.

Besides, banks are suggesting their customers to read the e-mail with utmost care for any spelling or grammar mistake, as phishers generally don't pay much attention to these things while the genuine banks like ICICI will never commit such silly mistakes.

Customers should realize that banks normally don't ask for such confidential details via e-mail. However, in case they receive such a message purporting to come from bank, they should first confirm its legitimacy by contacting the concerned bank.

Related article: ICC Cup Event Could Be Fodder for Phishers

» SPAMfighter News - 9/15/2009