Mumbai Man Accused of Phishing HDFC Bank Accounts Faces Arrest

On February 8, 2008, Surat police arrested a man from the western suburbs of Mumbai for making illegal withdrawals of Rs.12 lakhs from HDFC Bank accounts of customers in Karnataka, Maharashtra and Uttar Pradesh. The theft occurred in the past year (2007).

The Surat police said that the detainee, Jitesh Kishan Gavit, committed the theft by phishing - a method of fraud applied online to acquire people's usernames, passwords as well as credit card information by pretending to be a trustworthy party.

D P Vashisth, a resident of Versova, for example, was perplexed to find in January 2008 that his account displayed funds short of Rs. 20,000. The money was found transferred to the account of someone named Paresh Dhaduk in Surat via net banking.

According to the police, Gavit regularly transferred money from various HDFC Bank accounts to Paresh's account and Paresh has so far withdrawn Rs. 79,000. One officer said that evidences from the case indicate that there has been similar hacking of several other accounts and money drainage from them. During investigation, Gavit disclosed that he operated on behalf of a Singapore-based phisher syndicate.

The investigators are also probing to find out if Gavit was a 'money mule' at Singapore or was directly engaged in phishing activities. A 'money mule' collects illegal money in his account, takes it out and transfers the amount to its gang leader after retaining his commission.

Following the incident, the HDFC Bank alerted its customers in December 2007 recommending them to follow safe banking practices. The bank also informed the police about the incident and they are investigating into it.

Police believe the fraudulent operation is part of a phishing attack, which does not take place unless a person gives out his account details. It is therefore important not to share one's account information even with an employee of the bank.

According to CERT (Computer Emergency Response Team) India, there has been an increase in phishing attacks to 392 in 2007 from 335 in the previous year. Of these total attacks, 24% were targeted on banks and other financial institutions.

Related article: Mumbai Police To Become Cyber Cops

» SPAMfighter News - 2/25/2008