Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Phishers Use UTI’s Name Change as Their Bait

A leading bank in India, UTI bank, has given itself a new name - 'Axis'. The confusion that follows has become bait for phishers. They are spamming phishing e-mails in attempts to empty the bank customers' accounts by exploiting this name change, warned security experts at MicroWorld Technologies.

As is common with phishing e-mails that target Indian banks, this e-mail too recommends a certain security upgrade. An image appears on the top bar of the e-mail that says UTI bank's name is changed to Axis Bank while everything else remains the same. These words are lifted straight from the true page of utibank.com.

The e-mail message announces the New Security Upgrade from Axis Bank Internet Banking. It explains that the bank has upgraded its new SSL servers in order to improve and secure the banking service for its customers against fraudsters' activities. Then it requests the recipient to update his/her account information as a result of the upgrade. The email shows a link and asks the reader to follow it.

In the end, the message threatens the recipient to update within two days time failing which, he/she may not be able to access his/her account.

Although the hosting company of the phishing website has shut down the site, there are many chances the e-mail would bounce back with reference to another site hosted elsewhere, said Sunil Kripalani, vice president, Global Sales and Marketing, MicroWorld Technologies. HNS published this in news on August 9, 2007.

However, Axis bank's actual Website has published a statement, which says that the bank never asks customers to supply their security details such as passwords for phone banking or Internet banking over e-mail, phone, or any other means. The statement cautions customers never to reveal their passwords to any person, not even the bank employee. However, if any customer receives e-mail or a bank employee asks for his/her password, then the person should report to the bank.

A phishing scam succeeds as a result of the social engineering tactic applied in it, to get the maximum number of people to click the link and do as the instructions direct.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 8/23/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page