What is Phishing?

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by posing as a trustworthy site in an electronic communication. Online banks are common targets. Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used at times.


What is Vishing?

Phishing for valuable information over the phone is called “vishing”. As you’ve probably guessed, it’s a variation of the term “phishing”, and the V stands for Voice.

We can sometimes be less guarded when a phishing attack comes through the phone lines.


Have you ever received an email like this?

From: HDFC Bank <ibanking@HDFCCbank.com>
Sent: Tuesday, April 16, 2010 9:41 IST
Subject: HDFC Online Banking Customer Alert
Account Notification,
You are receiving this message, to notify you about our new improved online security software This new secure socket layer (SSL) software has just been newly implemented to help secure our valued customers,from any form of unauthorized access to their account especially from different ip's So we HDFC Bank is alerting all our numerous customers to upgrade their account to this secure server software.
my account activity
Customer Service
HDFC Bank.


How to Spot Phishing Emails

It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution it gets more interesting.

You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.

You should also examine the link provided. Does it really go where it appears to go? The best way to avoid being misled by a link is to bookmark your bank website as a favorite in your browser or type the URL in the address bar yourself.

The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.


Safety tips to avoid Phishing

When you receive emails claiming to be sent by a banking institution and asking you to enter your account details, DO NOT do so! Your bank already has your details and clearly would not want them again.

Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly.

Check the email to see if it is addressed to your name. Fraudsters never personalize emails. They will refer to you as “Dear Customer” or “Dear Valued Customer” because they send emails randomly to a million email addresses and do not even know that you have an account with the bank. Your bank or e-commerce company, on the other hand, will address you by your name.

DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:

  • You are to receive a refund
  • The bank is trying to protect you from a fraud
  • The bank needs some security and maintenance update on your account

If you receive such an email, always check back with your bank directly or speak to the customer service representative of the bank.

NEVER enter your credit card details and password in a website which you suspect is not genuine.

DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.

DO NOT open unsolicited emails.

It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember.

DO NOT follow links to a banking website from another website or email.

Verify a website’s URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.
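
The "does it really go where it appears to go?" check can also be automated. The sketch below is an added example, not part of the original article: it compares the host of a sender address or link against the domains you actually use and flags near-misses such as the HDFCCbank.com sender in the sample mail above. The allow-list entry hdfcbank.com, the sample inputs and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really banks with (constructed allow-list).
TRUSTED_DOMAINS = {"hdfcbank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Lower-cased host taken from a URL or from an e-mail address."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")

def classify(value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link."""
    host = host_of(value)
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    tail = ".".join(host.split(".")[-2:])
    for domain in trusted:
        brand = domain.split(".")[0]
        # Near-miss spelling, or the bank's name embedded in another host.
        if edit_distance(tail, domain) <= max_distance or brand in host:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed inputs, except the sender from the sample mail
        "ibanking@HDFCCbank.com",
        "https://www.hdfcbank.com/",
        "http://hdfcbank.com.secure-login.example/update",
        "https://example.org/",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A "lookalike" result is a reason to stop and contact the bank through a bookmarked address or a known phone number; "unknown" only means the host is not on your own list.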

Log in to your accounts regularly and look for account transactions that you do not recognize.

DO NOT send your account details and/or password over an email to anyone.

If you get a phone call about one of your accounts, hang up and call the institution. Dial the number that appears on the back of your credit card or on your statements. Then, you know you’re in the right place and they can take care of any issues on your account.