BUSINESS

A guide to e-mail banking scam

By Priya Ganapati in Mumbai
June 25, 2004


 Did you know that e-mails, long considered the most convenient form of communication, can actually spring some nasty surprises for you?

Recently, a few ICICI Bank customers in Mumbai, to their utter dismay, discovered that e-mails can be extremely hazardous, if not to their health, at least to their security.

These ICICI Bank customers received an e-mail from someone who posed as an official of the bank and asked for sensitive information like the account holder's Internet login name and password and directed them to a Web page that resembled the bank's official site.

When some customers wrote in to find out what the e-mail was about, the bank officials registered a complaint with the police.

New as it may be in India, it is actually a popular banking scam, a warning against which had been issued by many international banks including Barclays and Citibank.

rediff.com presents a guide that will help readers understand what the scam is about and how they can stay clear of it.

What happened in the case of the e-mail scam involving ICICI Bank?

A few customers of ICICI Bank received an e-mail asking for their Internet login name and password to their account. The e-mail seemed so genuine that some users even clicked on the URL given in the mail to a Web page that very closely resembled the official site.

The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-mails with the bank.

Such a scam is known as 'phishing.'

What does phishing mean?

Phishing means sending an e-mail that falsely claims to be a particular enterprise and asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit.

Phishing uses 'spoofed' e-mails and fraudulent Web sites that look very similar to the real ones thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords.

According to statistics phishers are able to convince up to five per cent of the recipients who respond to them.

How can you make out if an e-mail is genuine or not?

There are ways to 'spoof' an e-mail so that it appears to come from someone other than the person who is actually sending it. E-mail spoofing is a popular way of scamming online. An e-mail can be spoofed by tweaking the settings of e-mail clients like Outlook Express, Netscape Messenger and Eudora.

However, finding out whether an e-mail is genuine or not is not very difficult. Every e-mail message contains headers that have the following information:

Check out this URL: http://www.lse.ac.uk/itservices/help/e-mailheader.htm for an example of what the different things in an e-mail header mean.

By learning how to identify what the header components are you can distinguish whether an e-mail is genuine or spoofed.

That sounds a little complicated. Is there any easier way?

Not really. But following these three guidelines can help protect you.

What are the other popular e-mail scams?

The Nigerian scam is another very popular e-mail related scam that has found a few victims in India.

The scam itself is simple. An e-mail, which claims to be written by a prominent official from an African country asks the recipient to help them release millions in the bank and offers them a share of the bounty.

Once the recipient responds he is asked to visit the (African) country and meet with officials to collect the money. But once there, instead of getting money, he is forced to cough up a considerable sum.

This scam is known as the 'Advance Fee Fraud' or '419 Fraud,' after the section of the Nigerian Penal Code that specifically prohibits this con.

If you are interested in knowing more about this check out this link: http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htm

Priya Ganapati in Mumbai

NEXT ARTICLE

NewsBusinessMoviesSportsCricketGet AheadDiscussionLabsMyPageVideosCompany Email