I was in no way thought of writing this post today. I mean, it was not in my list of scheduled posts. But I was just going through my spam folder and found a phishing email claiming to be from “Bank of India” though I have no accounts in that bank. It talks about talling Enhanced Online Security and hence wants the customers to reactivate their online account by submitting details again.
Now first of all we will talk about what a phishing email is. Phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempts to trick the recipient into revealing confidential information by “confirming” or directing it at the phisher’s website. Although the URL of the bank’s webpage appears to be legitimate, it actually links to the phisher’s webpage.
I have pasted the email above. Even though I knew at first sight, It was a phishing email but many innocent and ignorant guys will think its a genuine email.
Now, Lets talk about how to recognize that it is a phishing email. First of all, bank will never send you emails like this which require you to reactivate your account even if it installs a new security system.
Now, If you try to just hover your mouse on the link that ask you to get clicked, You can see the actual URL in the status bar ( bottom of your browser). If you havent enabled status bar, just right click on that link and you can copy the URL. Just paste the URL anywhere or even in browser but do not open it. You will see its pointing to somewhere else instead of your normal Bank website.
You should never click a URL in the email if its related to your banking , personal or financial stuff.
I went a step further and opened the link in the browser. The link led me to a webpage similar to Bank of India Login page. Just have a look.
The webpage is looking a bit topsy turvy, the reason being I opened it inside Ubuntu and Firefox in a Virtual environment. It will look good in perhaps IE or Windows.
You can easily know its a phishing URL if you see the final webpage URL. First it wont have a secure connection which means it wont be having https in the URL, just http. It may also contain just the numbers instead of Domain name of bank.
I went one step further. I logged in using a simple username “phishingtest” and same login, and it moved to next screen.
The next page asks you everything starting from your Debit card details, ATM PIN and Transaction password.
So if someone false into this trap , all his information is lost and is available to the phishing guys. I wrote all this in such a details for those novice users, who can be victims of phishing emails like this.
Similar Posts:
- Use OpenDNS to browse Internet faster, safer and smarter – Part1
- Reset / Recover Firefox Master Password
- Synchronize your Firefox bookmarks, history, tabs and passwords wherever you go.
- Beware of Facebook password reset mails (Phising)
- Secure & Anonymous browsing with ibVPN – 20 Premium accounts (3months) Giveaway
- Browse web safely with WOT (Web of trust) Firefox/ IE /Chrome Addon
- Free license Giveaway of either Mozy Home or Carbonite Backup for 1 year
- Winners : ibVPN – 20 Premium accounts (3months) Giveaway
- 15 best free VPN for secure Anonymous Surfing
Avinashtech is a Revenue Sharing blog, Write for us and earn money. Read here for more info. Need help with your Laptop or desktop? Want to Share something or give feedback Use the FORUM
{ 1 trackback }
{ 2 comments… read them below or add one }
Thanks for this very important alert, Avinash.
Hi Thanks Avinash for this important piece of article,surely only a dumb or totally unsuspecting person will only fall for this dirty trick.As earlier suggested,use of phishtank add-on can help.But awareness of the person on these things really matters.