INDIAFORENSIC
Soft solutions to Fraud Problems

Did you know that e-mails, long considered the most convenient form of communication, can actually spring some nasty surprises for you? Recently, a few ICICI Bank customers in Mumbai, to their utter dismay, discovered that e-mails can be extremely hazardous, if not to their health, at least to their security.

These ICICI Bank customers received an e-mail from someone who posed as an official of the bank and asked for sensitive information like the account holder's Internet login name and password and directed them to a Web page that resembled the bank's official site. When some customers wrote in to find out what the e-mail was about, the bank officials registered a complaint with the police.

New as it may be in India, it is actually a popular banking scam, a warning against which had been issued by many international banks including Barclays and Citibank. rediff.com presents a guide that will help readers understand what the scam is about and how they can stay clear of it.

What happened in the case of the e-mail scam involving ICICI Bank?

A few customers of ICICI Bank received an e-mail asking for their Internet login name and password to their account. The e-mail seemed so genuine that some users even clicked on the URL given in the mail to a Web page that very closely resembled the official site. The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-mails with the bank. Such a scam is known as 'phishing.'

What does phishing mean?

Phishing means sending an e-mail that falsely claims to be from a particular enterprise and asks for sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit.

Phishing uses 'spoofed' e-mails and fraudulent Web sites that look very similar to the real ones, thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords.

According to statistics, phishers are able to convince up to five per cent of the recipients who respond to them.

How can you make out if an e-mail is genuine or not?

There are ways to 'spoof' an e-mail so that it appears to come from someone other than the person who is actually sending it. E-mail spoofing is a popular way of scamming online. An e-mail can be spoofed by tweaking the settings of e-mail clients like Outlook Express, Netscape Messenger and Eudora.

However, finding out whether an e-mail is genuine or not is not very difficult. Every e-mail message contains headers that have the following information: Origin, which shows information about the machine that sent it; Relay, which shows the sender machine relaying it to another; and Final destination, which shows the machine that receives it, the IP address and the domain name.

Check out this URL: http://www.lse.ac.uk/itservices/help/e-mailheader.htm for an example of what the different things in an e-mail header mean. By learning how to identify what the header components are, you can distinguish whether an e-mail is genuine or spoofed.

That sounds a little complicated. Is there any easier way?

Not really. But following these three guidelines can help protect you.

A legitimate financial institution will never ask for details of your account via an e-mail. A corollary to this rule: never e-mail financial information over the Internet. E-mail is not a secure method for transmitting this kind of information.

If you initiate a transaction and want to provide your personal or financial information through an organisation's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a Web site that begins 'https:' (the 's' stands for 'secure').

Unfortunately no indicator is foolproof, so always call your local bank and ask for verification before responding to any form of electronic correspondence that claims to come from the bank.

What are the other popular e-mail scams?

The Nigerian scam is another very popular e-mail related scam that has found a few victims in India.

The scam itself is simple. An e-mail, which claims to be written by a prominent official from an African country, asks the recipient to help release millions in the bank and offers them a share of the bounty. Once the recipient responds, he is asked to visit the (African) country and meet with officials to collect the money. But once there, instead of getting money, he is forced to cough up a considerable sum.

This scam is known as the 'Advance Fee Fraud' or '419 Fraud,' after the section of the Nigerian Penal Code that specifically prohibits this con. If you are interested in knowing more about this, check out this link: http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htm
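
The header check described under "How can you make out if an e-mail is genuine or not?" can be scripted. The following is an added example, not part of the original guide: it reads the Received headers of a constructed message, labels each hop as origin, relay or final destination, and compares the first accepting server with the From: domain. The sample message, host names and the helpers trace_hops and origin_matches_sender are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example.* names and documentation-range IP addresses.
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
\tby mailstore.recipient-isp.example with ESMTP id A1; Mon, 1 Jan 2007 10:00:05 +0530
Received: from relay.cheap-hosting.example (relay.cheap-hosting.example [198.51.100.7])
\tby mx.recipient-isp.example with ESMTP id B2; Mon, 1 Jan 2007 10:00:03 +0530
Received: from dialup-pc (unknown [203.0.113.45])
\tby relay.cheap-hosting.example with SMTP id C3; Mon, 1 Jan 2007 10:00:01 +0530
From: "Bank Security" <security@bank.example>
Subject: Verify your Internet banking login

Please confirm your login name and password.
"""

# "from <name> (<rdns> [<ip>]) by <server>"; the bracketed part is optional.
HOP = re.compile(r"from (\S+)(?: \((?:\S+ )?\[([^\]]+)\]\))? by (\S+)")

def trace_hops(raw):
    """Return (message, hops) with hops ordered from sender to recipient."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    for i, hop in enumerate(hops):
        last = i == len(hops) - 1
        hop["role"] = "origin" if i == 0 else "final destination" if last else "relay"
    return msg, hops

def origin_matches_sender(raw):
    """Heuristic: was the first accepting server inside the From: domain?"""
    msg, hops = trace_hops(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not hops or not domain:
        return False
    first_server = hops[0]["by"].lower()
    return first_server == domain or first_server.endswith("." + domain)

if __name__ == "__main__":
    _, hops = trace_hops(SAMPLE)
    for hop in hops:
        print(f'{hop["role"]:>17}: {hop["from"]} [{hop["ip"]}] -> {hop["by"]}')
    print("origin matches From: domain?", origin_matches_sender(SAMPLE))
```

Received lines written before the message reached a server you trust come from the sender's side and can be forged, so a mismatch is a warning sign while a match proves nothing on its own.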