Online banking (Netbanking) has come of age in India – the younger crowd, with internet access in offices and in IT jobs, opt to conduct most of their banking transactions online. The banks themselves encourage it too. Banks link ICICI, ABN Amro, Citi, HSBC and HDFC now actively encourage their users to manage their accounts online. And as online banking gets popular, attempts to gain access to bank users’ emails and passwords – phishing – has picked up in India too.
Today when I opened my mailbox, I was greeted with an official-sounding email from Punjab National Bank. Now, I don’t have a Punjab National Bank account! So I was in no danger. It was obviously spam, or a phishing attempt. When I opened the mail, this is what I saw:
UNAUTHORIZED NETBANKING ACCESS ON YOUR ACCOUNT
In the last few weeks our security team has observed some login attempts in your Internet Banking Account from Various Blacklisted IP Addresses ,therefore been blocked to prevent further unauthorized access for your safety. Therefore, we have decided to put you on an extra verification process to insure your identity and your IP Address for your safety and for your Internet Banking Account.
Click On link for Retail/Personal NetBanking Access https://retail.onlinepnb.com/update.jsp
Click On link for Corporate/Business NetBanking Access https://corporate.onlinepnb.com/verify.jsp
Please update your records on or before 48 hours failure to update your records will result in a temporary hold on your funds.
Copyright © 2008 Punjab National Bank
Note, those URLs look fine, but they are actually not linked to the PNB site, but to a phishing site. Click on them, and you are taken to a site that looks exactly like the Punjab National Bank site. The page asks you to key in your account number, username and password. Key it in, and you may lose your money forever.
The crooks attempting this would have sent this email to a massive number of people, hoping that a very small percentage of them would be PNB account holders, and some of them would fall for this.
So this is a warning to all internet banking / net banking users in India. Double check every mail that looks like it is from your bank. Check the actual URL of the links given by hovering your mouse over the link, and looking at the URL in the browser status bar.
Banks normally never send a mail saying that your account access would be disabled. If any such mails come to you, assume it is a phishing attempt first.
Today it is an attempt on PNB online banking users, tomorrow it might happen to users of other banks.
If you really think the email is genuine, call up the bank’s call center and talk to them to verify if it really is.
You can never be too cautious on the Net.
Popularity: 12% [?]