If you receive an email purportedly coming from the
leading Indian bank ICICI, telling you to update your
Account Information online, do not click on the link
in it. The mail is a new phishing bait from scamsters
attempting to loot money from customer accounts, warn
security experts at MicroWorld Technologies.
The fraudulent email boldly carries the logo of ICICI
bank in its top bar to trick the recipients. The content
of the mail is as follows:
Currently, you are on the ICICI Bank Company Mailer
------------------------------------------------------
------------------------------------------------------
Now we are updating our 128-SSL Secured Server
to 256-Encrypted SSL Secured Server which is highly
sophisticated server to maintain your personal information
as our prior service to you.
------------------------------------------------------
During our regularly scheduled account maintenance
and verification procedures, we were unable to verify
your account information. It has come to our attention
that your account information needs to be updated
as part of our continuing commitment to protect your
account and to reduce the instance of fraud on our
website .We demand that you take 5 minutes out of
your online experience and renew your records to avoid
running into any future problems with the online service.
------------------------------------------------------
If you are maintaining ICICI Bank Individual Account
than, Click on link xxxxxxxxxxxxxxxxxxxxxx. If you
are maintaining ICICI Bank Corporate Account than,
Click on link xxxxxxxxxxxxxxxxxxxxxxxxxxxx
The mail contains two web links. If an unsuspecting
victim clicks on the first link in the mail, a webpage
that looks much like the authentic login page of ICICI
bank for regular users pops up. The URL appearing
in the address bar shows iikii.com, remarkably similar
to icici!
The fake login page
The fake webpage tells users to key in their vital
account information. Apart from the username and password
fields present in the actual website, the page also
demands victim's ATM card number and Transaction Password.
The second link opens up a fake login page for corporate
account holders, where similar information is sought.
Once the victim enters the details, they go straight
into the hands of criminals behind the scam.
"We had warned about a similar Phishing mail
in the name of ICICI bank last year. This one too
seems to be coming from the same group of people as
it's strikingly similar in content and approach. Another
point to be noted is that the conmen behind this mail
is trying to make as much hay as possible while the
sun is out, as they are asking for ATM card numbers
and transaction passwords as well," points out
Manoj Mansukhani, Head - Global Marketing, MicroWorld
Technologies.
"Compared to the current Phishing techniques
seen in US and Europe, in which they use advanced
Trojans and DNS Poisoning, this mail is rather an
old sample in format and technology. But in India,
where more than half of the online banking population
has never heard of the word 'Phishing', mails like
this can easily hook many victims. While it's important
to increase user awareness about this issue, one should
also know that these mails can be blocked using advanced
security solutions," Manoj adds.
