Bank phishing is a technique via which fraudsters try to gather your bank account details using seemingly legitimate emails and web sites. The attack starts with a scam email that is meant to distress and upset you with subjects like “Your account has been hacked“, “Account blocked till futher notice“, “Discrepancy in the account information“, “Change account password” etc.
These emails carry a link to a fraudulent web site that looks like the web site of your bank and would typically carry a login form (form fields for username and password). Aad this is how you get conned into parting with the login details (and ultimately your money!)
This article provides details on how to identify a bank phishing email and advises you on what to do. Logos displayed on this page are copyright of respective companies and were a part of the phishing emails I received. They have been shown here only for the purpose of educating the gullible, informing them of the potential danger of phishing attacks.
You don’t need to be a rocket scientist to understand the loses incurred if the bank login information is shared with frauds. Not only will you lose money – funds can be transferred to bank accounts across the globe in a matter of a few minutes/hours – but you can also end up losing your credibility. Several banks have struck down hard at phishing thugs but occasionally messages do slip through.
Though a bank phishing email might look like one coming from a legitimate source, it will always have some loopholes with which you can easily detect the scam. Generally, scam messages would not be addressed to you (with your name), would be badly formatted and not carry the bank’s logo/colors. Also, the URL of the links in the email might not point to the bank web site. Let us look at some examples.
Supposedly from Citibank, even the most gullible would identify this email phishing as a scam – the logo of the bank is missing and the formatting is messed up. The email does not carry the name of the recipient (just Dear Citibank Internet Banking Customer) and the URL points to an I.P. address and not the actual Citibank web site. However, the words Citibank do figure in the URL.
Email even though it has the bank’s logo, the email can easily be recognized as a phishing attack because of horrid formatting. Also note the URL (web address) displayed on the status bar of Outlook Express which does not indicate that the email is from the bank’s web site.
A much better looking email – in fact it looks almost like the real thing. Two loopholes; it is not addressed to any one and the URL is again a giveaway. However, the URL does have the web site of the bank somewhere in the middle. This is a very smart phishing email.
The most important advice that I can render is not to act rashly. Examine the email closely and if you do want to put your fears at rest, open the bank’s web site in a fresh browser window instead of clicking a link from an email. Thus,
Ray Tomlinson, the inventor of the email system, did not invent the @ sign. It had been in existence for hundreds of years. He just used it in an email address and made it popular once again. [more...]