Important Security Alert: Phishing Mail Attack of Nationalized Banks in India

Written by Pavan Kumar on September 8, 2009

Advertisements

BE YOU AN INDIAN RESIDENT OR WHATEVER, ITS A MUST READ FOR EVERYONE

I had always seen a lot of people discussing about phishing attacks related with Paypal, but never knew such a horrible fact that spammers have turned their focus on Indian local bank customers. It was cleared when I myself got a mail on my mail box.

Punjab National Bank is quite a popular bank in India with its branches in most of the major cities. I don’t have much idea about the bank and also that is not needed here. Recently I found a mail in my spam box (Thank God!) which was almost similar to what I have read of Paypal phishing mails. Here is the screenshot of the mail:

PNB Bank phishing mail scam

Here is what the mail read:

Dear customer,

Your access to Online Banking services has been Limited.  This was as a result of a miss-match access code discovered between your Online Access details in our database during our last maintanance this Month.

Hence you are required to Re-activate your Online Banking details to enable our server update your information to match with our latest Online Security upgrade.  Please follow the Re-activation Reference below:

Re-Activate Your Online Banking Details

Important Notice:- You are strictly advised to match your information correctly and carefully to avoid service suspension of your account.

We apologize for any inconvenience.

Thank you for using National Bank of Punjab !
© Punjab National Bank. All rights reserved.

Information on protecting yourself from fraud, please review the Security Tips in our Security  Center.

The most important point to consider is that the text Re-Activate Your Online Banking Details was linked to their website where they have published an attack site.

Hyperlink on the phishing attack mail link to attack site

Ok, enough now, don’t visit the website. Its a replica of original webpage of PNB Net Banking, let us compare both one below the other.

genuine net banking website

net banking webpage setup for phishing attack

Indeed, there are very minor changes in them, but not even regular users can easily notice the difference.

Heading over to login page:

 

genuine net banking login page

fake net banking login page

 No more games can be played with genuine website, but fake one accepts further gaming. I tried with user id kk

logged into phishing website

Ok, I have fake details for everything. Let me help you withdraw my fake funds.

Enjoy hacker, have a good day.

complete phishing operation

The real movie does not end here. Its you, the customer who need to be aware of all such scams keep yourself alert. I already have a few important videos to watch and learn about phishing. Check out this and this.

Always remember few important facts:

  • Never click on links on such mails even if they appear to have come from your bank and its normal mail id.
  • Never enter user id and password for banking sites until you confirm the page is secure (url starts from https:// and hovering on favicon says its verified and status bar shows a lock which indicates the site is authentic).
  • Delete the mail. You may also forward it to reportphishing@antiphishing.org and spam@uce.gov
  • Don’t visit the link. If you visit accidentally, don’t forget to report web forgery.

Hope these points help you and you never fall into such scams. Further read these Paypal security tips which are important for everyone who use Paypal.

       

Subscribe to RSS Feed or Get updates on your inbox:

People who liked this also read:

Category: internet

 

Tags: , , ,

 

6 Readers responded to this post

Great post.

It should help lot of ppl who get into this…

By Nihar on September 9th, 2009 at 11:40 am    

Well, not only PNB, i just received similar mail for ICICI bank too..dont know how they got to know about this thing. I complained to my bank and they are taking action,..most imp thing i got mail from icic.com…

the link was looking so genuine as it was asking to login at infinity.icicbank.com..

I know what phisping means but others who dont know this will become victim for sure..

By ankit on September 10th, 2009 at 10:48 pm    

@ Ankit,

Good to know you identify such scams. Its our responsibility to spread awareness about such online scams.

By Pavan Kumar on September 10th, 2009 at 11:34 pm    

thanks for the info pavan..
i shocked to see the simlarity bet the origianl and the fake site.. onething to say these hackers are great.. abs dont have idea abt this.. great info dude and i wonder we may get such things in other banks also..

By Sreendhi on September 10th, 2009 at 11:42 pm    

I too received one such email asking for these details today.
That email takes me to the page “http://www.internetmyway.com/online/punjab.html”.
Users beware of going to this site and accidently entering your User data.

By Nipun on January 11th, 2010 at 9:47 am    

I had a similar issue with UTI (Now Axis Bank). Thankfuly i knew it was a fake and got ris of it immediately.

By Rahul on April 4th, 2010 at 11:03 am    
2 Blog responses for this post
Leave Your Comments Below / Trackback

Featured Posts

    About The Author

      Pavan Kumar

      Pavan Kumar completed Engineering in Electronics and Communication in the year 2008. He is very enthusiastic and keen to work on different aspects of computer, internet and mobile related fields. The articles here reflect his creativity. This blog was started as a showcase of solutions for different problems and today it has got a good reputation in the blogosphere. Read More...

    © 2024 - TechPavan.com. All rights reserved.

    All content provided in this site are the property of TechPavan.com and is free for non-commercial usage. Read our Privacy Policy here.

    Any kind content on this site cannot be reproduced in any form without permission of the author. We are not responsible for any loss or damage which may occur due to any of our content.

    Site hosted on Bluehost powerful servers.