Tech Xpress

You've Got Mail? Good! Now Save your Bank Account

Our previous post (Hoax Email misleads top selling newspaper), an example of the consequences of blindly believing an email, left me wondering how much confidence users place in the authenticity of an email message.
If a top selling daily can fall prey to fraudulent email, SO CAN YOU!
Let's take 3 common variants of email fraud:
  • Picture this! You receive an enticing email message from some unknown person promising manifold returns from your investments.

  • You get a mail offering a fat-salary job even though you never applied for one! Of course, you'll be asked to pay some amount beforehand for whatever lame reason.

  • You get an urgent message from your bank prompting you to log in to your bank account or provide sensitive credit card details.
Unfortunately, naive users are easily trapped here because of a lack of understanding or knowledge and, most of all, a lack of experience with such situations.
Wait a minute! Even the not-so-naive and advanced users fall for this, especially in the third case, which is what we will be covering in this article.
By the way, it's puzzling that many people still get tricked by the first two cases. How could that be possible?

How are people trapped?
Email, being a very popular communication medium, is an easy and seemingly anonymous conduit for hackers to phish sensitive information, such as bank account details, from users.

You receive a mail from what seems like your bank, asking you to fill in a form or click a link to log in to your bank account.
Note the sender's address of the mail. Even if the sender address looks valid, like admin@yourbank.com, don't believe it. It has probably been spoofed.

The email will surely try to persuade you to click on the links in the mail to log in to your account. Those who click on the link will be taken to a login web page which looks exactly like your bank's website. Yes! It is a fake site which cleverly impersonates the original bank website.

Never enter your user id and password on such a page. Users who unknowingly try to log in there will receive a "cannot connect", "server too busy" or similar message when, in fact, their user ids and passwords have been saved on the computer hosting the fake website for the hacker to use.

If an email induces you to call the phone banking number provided with the mail, you are probably being trapped. There have been cases where criminals set up a system which fluently simulated an automated phone banking facility, and people were caught unawares and gave away their bank details over the phone.
The not-so-techie criminals may use a fake tele banker to extract details from people.

Precautions you can take to avoid being phished
If you receive an email from your bank:

  • Don't trust the email message even if the sender address looks valid.

  • Check if the email message begins with your full name, for example "Dear Mr Sean Smith" instead of "Dear Sir". Most banks use their customers' names.

  • Never click on a link from an email.

  • Don't reply to a suspicious-looking email. Never reply if it's from your bank.

  • Always check with your bank if you get an urgent mail. You can either call or visit the bank.

  • Make sure you manually type the correct official bank website address in the browser window.

  • Never call your bank from the phone numbers listed in the mail. In fact, don't use any of the contact methods mentioned in the email. The bank's website will have the contact numbers.

  • Always re-check the address you've typed in the browser address bar. For example, you may have typed www.youtbank.com instead of www.yourbank.com. The first address could well be one set up to cheat unsuspecting people.
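
The re-check in the last precaution can be automated. The following is an added example, not part of the original article: it compares a hostname against a list of sites you actually use and flags near-misses such as www.youtbank.com. The TRUSTED_DOMAINS list, the distance threshold and the function names are assumptions made for illustration.

```python
# Added example: flag hostnames that are near-misses of a site you trust.
TRUSTED_DOMAINS = ["yourbank.com"]  # assumption: placeholder name from the article


def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap neighbours) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Two adjacent letters typed in the wrong order count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host: str) -> str:
    """Lower-case the host and drop a leading 'www.' and a trailing dot."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(host: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    h = normalize(host)
    for good in trusted:
        if h == good or h.endswith("." + good):
            return ("trusted", good)
    for good in trusted:
        # Close to a trusted name but not equal to it: treat as a lookalike.
        if edit_distance(h, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ["www.yourbank.com", "www.youtbank.com", "yuorbank.com", "example.org"]:
        print(candidate, "->", classify(candidate))
```

An "unknown" result only means the name is not close to anything on the list; it says nothing about whether the site is safe.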
Not just banks, your mail account can also be phished
Here's a nice screenshot I saw at flickr (thanks to the original uploader, ssufian).


The Thunderbird email client has detected a fraudulent email message. Notice the login link provided in the mail. It looks like a valid Google account address. However, the status bar in the picture points to a different link.

Conclusion

The message here is loud and clear. DO NOT always believe in what you read in your email.
Email is not the only culprit; the user too is responsible.

The latest versions of the popular web browsers Internet Explorer (7) and Firefox (2) include anti-phishing capabilities. These browsers check sites against a predefined list of known phishing sites. This doesn't mean that you're safe when using IE, Firefox or, in fact, any anti-phishing software.
Phishing sites are easy to set up and are becoming commonplace, so don't expect all of them to be present in the vendors' various anti-phishing databases.

Hope you find this article useful. Till then, surf safely.


Security Update:

Today I stumbled upon this video (at TechEBlog) on how someone could clone your credit card while you are paying your restaurant bill. Check it out.







Image source: Softpedia


posted by Vijeesh Ravindran, Saturday, January 20, 2007

