Alerting ICICI account holders

The e-mail looked authentic, and even carried the ICICI Bank logo; the message was clear; and I was close to getting conned online. They call it phishing – pronounced as ‘fishing’. The idea is to fish for sensitive information from unsuspecting customers. The e-mail said my bank account information needed updating “as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website”. The sender: riskofficer@icicibank.com . 

Do banks have such an entity on their staff. The so-called ICICI risk officer clothed his message in software mumbo jumbo such as the bank was in the process of “updating 128-SSL Secured Server to 256-Encrypted SSL Secured Server”. The operative part was that I fill out in a formatted web page my online account user name/ password; credit/debit card number, and transaction log-in code. It sounded very officious, and threatening – “failure to update your records will result in your account suspension”.  

I have this instinctive tendency to fill out anything that is presented in official format. And I got on with it right away. But then I couldn’t lay my hand on my ATM card code. As I tried to recall where to locate it, I re-read the e-mail to ensure that I understood the bank’s requirement, just in case they wanted any other info. That was when I noticed that the mail was addressed to mysoreblogpark@gmail.com. For, by some trick in my software ‘setting’, all MBP mail automatically find their way to my gmail ‘Inbox’. Which explains why I missed the ‘recipient’s’ e-mail ID. 

The point is MBP doesn’t have a bank account. Why, then, should the bank send such a mail? That was when the word ‘spam’ came to my mind. I had read about the con trick, but hadn’t experienced it anytime before. A closer look at the message strengthened my suspicion. The text of the e-mail message had a couple of grammatical errors. And then the mail was sent during a weekend. I know of no bank that would send such routine mail to customers on a Sunday. 

When I brought this to his notice the next morning a bank official spotted spam right away; and promised to act on it. A few hours later, out of curiosity, I tried to access the website linked to the spam mail, to find a phishing alert posted by the service provider. It read, “Internet Explorer has determined that this is a reported phishing site and such sites impersonate other sites and attempt to trick you into revealing personal or financial information”. 

Though the bank took swift action, some account holders may well have  fallen for the con job by the time the scam could be detected.            

Advertisements

3 Responses

  1. I’ve had some for PayPal as well. Like you, the sloppy grammar tipped me off. So at last an education paid off!
    The thing is it looks so innocuous it probably works every now and then. Scary.

  2. You were knowledgebale enough to notice the spam and not to respond. But I am told many just fall for it. Good post… we all need to be very careful.

  3. […] more, this con trick is getting fine tuned,  to prey on vulnerable niche groups. Not so long ago account holders of banks such as ICICI and HDFC were targeted by scammers seeking access to their online […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: