What is Phishing?

 

Phishing is a form of social engineering attack used by cyber criminals to steal sensitive information. Customers of leading banks throughout the world have been targeted by phishing. Phishing uses spam mails to deceive consumers into disclosing their credit card numbers, bank account information, passwords, and other sensitive information.

 

Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links, and branding that appear to come from legitimate businesses the potential victims deal with—for example, banks, insurance agencies, retailers, credit card companies, or Internet service providers (ISP).

 

The phishers tell recipients of the spoofed mails that they need to “update” or “validate” their billing information to keep their accounts active, and then direct them to a web site that looks like that of the legitimate business. The unsuspecting consumers submit their financial authentication information to what they believe to be their legitimate business contact, but in fact it goes to the scammers, who use it to order goods and services and to obtain credit, leading to identity theft.

 

How to Avoid Becoming a Phishing Victim?

 

1)      If you receive an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the Bank using a telephone number or Web site address that you know to be genuine.

2)      Never download software or files from an unknown source; they might contain Phishing Trojans.

3)      Don't trust suspicious e-mail headers and avoid filling out forms in e-mail messages.

4)      Verify the legitimacy of a web address with the Bank directly before submitting any personal information.

5)      Don't click on a link in an e-mail message from a company until you ensure the legitimacy of the company.

6)      Protect yourself through education and thorough evaluation. Don't trust everything you read.

7)      Verify the legitimacy of the company first before acting. Make a phone call to your branch if you smell anything fishy.

8)      Be alert to Phishing messages.

9)      We do not contact our customers via e-mail to request that they update their files or to verify an account or security setting. We would never ask you to provide your username, password, credit card number, full name, bank account number, etc. through mail.

10)   If you do go to a link offered in an unsolicited e-mail, check to see if there are two things at the site:

         an https—with an "s" after the http in the address

         a lock at the bottom of the screen

 

If you see both, check the validity of the digital certificate by clicking the lock at the bottom of the screen, and then proceed with the transactions you intend to do.

 

11)   Ensure that the e-mails do not contain any embedded links and do not ask users to fill in information in forms.

12)   E-mail from the bank would never ask users to download a software program from other sites or ask them to go to sites other than known banking sites.

13)   Always visit the web site by typing the address directly into the browser, and look for secure website indications (https connection and lock icon) when submitting a username, password, credit card number or other sensitive information via the Web browser.

14)   Users should always be suspicious of any email with urgent requests for personal information.

15)   Keep your browser up to date with all the security patches applied.

16)   Have well-configured personal anti-spam and anti-virus software on your computers.

17)   Use a simple pop-up blocker to help in stopping automatic execution of malicious code.

18)   Use anti-spyware tools occasionally to remove any lurking spyware from the computer.

19)  In case of any doubt or suspicion, please contact us by e-mail at cbsnethelp@centralbank.co.in
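
Several of the checks in this list (items 10, 11 and 13, and the mismatch between a link's visible text and its real destination that spoofed mails rely on) can also be applied automatically to the HTML body of a message. The following Python code is an added example, not part of the original notice; the domain `bank.example`, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the domains the customer knows to be genuine.
KNOWN_DOMAINS = {"bank.example"}

def host_of(value):  # hostname of a URL or bare domain; None if unparsable
    try:
        return urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None

def is_known(host):  # True for a known-genuine domain or a subdomain of one
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

class MailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.findings.append(("form", "message asks you to fill in a form"))
        elif tag == "a":  # web links only; mailto: and similar are skipped
            href = (dict(attrs).get("href") or "").strip()
            web = href.lower().startswith(("http://", "https://"))
            self._href, self._text = (href if web else None), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        target, shown = host_of(self._href), host_of("".join(self._text).strip())
        if not self._href.lower().startswith("https://"):
            self.findings.append(("no-https", self._href))
        if not is_known(target):
            self.findings.append(("unknown-site", target))
        # Link text names a genuine site while the href leads elsewhere.
        if is_known(shown) and not is_known(target):
            self.findings.append(("spoofed-link", f"{shown} -> {target}"))
        self._href = None

def scan(html_body):
    scanner = MailScanner()
    scanner.feed(html_body)
    return scanner.findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = '<a href="http://bank.example.verify.test/">www.bank.example</a><form></form>'
```

An empty result only means that none of these signs were found; it does not establish that a message is genuine.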