Yesterday I received an e-mail from “firstname.lastname@example.org” which was fake and had a HTML attachment with a link to a phishing site to gather all the personal information and hack into SBI and other bank accounts.
The HTML attachment contains the following text:
Dear Valued Customer, Your account has generated an Error code SB-907 in our new security system due to mis-match access. Please login via the security
link below to resolve this problem in order to enroll your SBI account in the new online System for mixmum security protection against online phishing.
For security reason all information should be match correctly to avoid account suspension,
including hint question and answer that you had set for the Profile password.
CLICK HERE TO RESOLVE THIS PROBLEM
Thank you for using STATE BANK OF INDIA
© SBI . All rights reserved.
the link on that page directs to a phishing site http://gymbrand.com/includes/js/tabs/sbi/indexx.html which has an interface similar to https://www.onlinesbi.com/ which is UNSAFE and intended to steal your login info and other details.
How to avoid being victim of such phishing scam?
Always look for the Green Security seal in the address bar. Websites protected by SSL Security will have security certificate which will be shown in Green by Firefox. Chrome and IE would be showing it differently. In this case the address bar will appear as shown in the images below:
Avoid online transactions on websites which don’t have security certificates, information entered like you password or your credit card details can be easily grabbed and misused. Moreover, always keep an eye on the address bar while logging in every site whether its Facebook or Gmail, etc. always check the spelling in the address bar.
How to report a Phishing Website?
Best way to report a phishing site is through Google.
Visit the Report Phishing Page http://www.google.com/safebrowsing/report_phish/
Enter the Website address, Fill the captcha text, comment(optional) and Submit Report.
Alternately, you can visit http://www.us-cert.gov/nav/report_phishing.html and follow the instructions on the page.
Hope you find this post informative. Beware of increasing Online Scams and Phishing attacks.