Beware: SBI Fraudulent email to Steal Personal and Financial Information

Beware: SBI Fraudulent email to Steal Personal and Financial Information

5 1

Yesterday I received an e-mail from “alert@sbi.co.in” which was fake and had a HTML attachment with a link to a phishing site to gather all the personal information and hack into SBI and other bank accounts.

alt

Many users  have been receiving such fraudulent emails lately from alert@sbi.co.in or update@sbi.co.in

 

sbi fraud

The HTML attachment contains the following text:

 

Dear Valued Customer, Your account has generated an Error code SB-907 in our new security system due to mis-match access. Please login via the security
link below to resolve this problem in order to enroll your SBI account in the new online System for mixmum security protection against online phishing.
For security reason all information should be match correctly to avoid account suspension,
including hint question and answer that you had set for the Profile password.

CLICK HERE TO RESOLVE THIS PROBLEM


Thank you for using STATE BANK OF INDIA
© SBI . All rights reserved.

 

the link on that page directs to a phishing site http://gymbrand.com/includes/js/tabs/sbi/indexx.html which has an interface similar to https://www.onlinesbi.com/ which is UNSAFE and intended to steal your login info and other details.

sbi fake site

 

How to avoid being victim of such phishing scam?

Always look for the Green Security seal in the address bar. Websites protected by SSL Security will have security certificate which will be shown in Green by Firefox. Chrome and IE would be showing it differently. In this case the address bar will appear as shown in the images below:

sbi firefox

Firefox

 

sbi chrome

Chrome

sbi ie

Internet Explorer

Avoid online transactions on websites which don’t have security certificates, information entered like you password or your credit card details can be easily grabbed and misused. Moreover, always keep an eye on the address bar while logging in every site whether its Facebook or Gmail, etc. always check the spelling in the address bar.

 

How to report a Phishing Website?

Best way to report a phishing site is through Google.

Visit the Report Phishing Page http://www.google.com/safebrowsing/report_phish/

Enter the Website address, Fill the captcha text, comment(optional) and Submit Report.

Alternately, you can visit http://www.us-cert.gov/nav/report_phishing.html and follow the instructions on the page.

 

Hope you find this post informative. Beware of increasing Online Scams and Phishing attacks.

5 COMMENTS

  1. Hi,
    Thanks for this post. I had been getting this email lately and I had been ignoring it completely not even bothering to open the attachment. Being a software engineer makes me cautious about these emails I guess. I just wanted to find out whether it is real and glad to know that my suspicions were correct. Thanks a lot for taking your time for posting this.

    regards,
    Raj

Leave a Reply