Yet Another Phishing Attack on UTI Bank
Cyberspace fraudsters have again embarked on their criminal act. And, this time they've come down on the website of UTI Bank through a phishing attack. UTI Bank is a leading private bank in India enjoying its promotion by Unit Trust of India (UTI), the country's largest financial institution.
The phishers have crafted a URL on Geocities that is nearly a copied version of the Bank's home page and are circulating it through e-mail link. The web page asks for several personal information of the user such as username, transaction login and passwords. In addition it has also inserted disclaimer and security hazard notes.
As soon as an unwary account holder submits his login id, password, transaction id and password as asked by the spurious bank web page, all that information gets transmitted to the phisher(s).
According to ZDNet's news published on January 15, 2007 the President - IT, UTI Bank. Mr. V. K. Ramani said that the bank was planning to close its site. They have also kept customers in the loop while they are processing the initiative.
The security department of the UTI Bank has reported that the phishers have sent e-mails to more than 100,000 account holders of this bank and other. Though the bank has launched damage control processes, none of them is entirely free from being harmed.
According to Ramani the bank has no way to differentiate between fraud and legitimate users who log in with correct user information. However, there's so far no confirmation of losses from this particular attack.
There have been earlier incidents of phishing attacks too, on UTI customers. The last was in December 2006. At that time Delhi police caught four Nigerian nationals along with an Indian for robbing Rs.20,00,000 off 30 customers. The fraud surfaced and came in notice when a certain UTI account holder found a contradictory entry in her account.
There were 86 phishing attacks in 2005 that doubled to 200 in 2006, as per data of Computer Emergency Response Team, India. Most banks across the country have posted alerts on their websites. Many have even set up campaigns to caution investors against such phishing attacks.
Related article: Youth’s Bank Account Used in Transferring Phished Funds
» SPAMfighter News - 19-01-2007