Phishers Use UTI’s Name Change as Their Bait

A leading bank in India, UTI bank, has given itself a new name - 'Axis'. The confusion that follows has become bait for phishers. They are spamming phishing e-mails in attempts to empty the bank customers' accounts by exploiting this name change, warned security experts at MicroWorld Technologies.

As is common with phishing e-mails that target Indian banks, this e-mail too recommends a certain security upgrade. An image appears on the top bar of the e-mail that says UTI bank's name is changed to Axis Bank while everything else remains the same. These words are lifted straight from the true page of utibank.com.

The e-mail message announces the New Security Upgrade from Axis Bank Internet Banking. It explains that the bank has upgraded its new SSL servers in order to improve and secure the banking service for its customers against fraudsters' activities. Then it requests the recipient to update his/her account information as a result of the upgrade. The email shows a link and asks the reader to follow it.

In the end, the message threatens the recipient to update within two days time failing which, he/she may not be able to access his/her account.

Although the hosting company of the phishing website has shut down the site, there are many chances the e-mail would bounce back with reference to another site hosted elsewhere, said Sunil Kripalani, vice president, Global Sales and Marketing, MicroWorld Technologies. HNS published this in news on August 9, 2007.

However, Axis bank's actual Website has published a statement, which says that the bank never asks customers to supply their security details such as passwords for phone banking or Internet banking over e-mail, phone, or any other means. The statement cautions customers never to reveal their passwords to any person, not even the bank employee. However, if any customer receives e-mail or a bank employee asks for his/her password, then the person should report to the bank.

A phishing scam succeeds as a result of the social engineering tactic applied in it, to get the maximum number of people to click the link and do as the instructions direct.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 8/23/2007