product-revamp textLeft subNavStatic OnlineSafeBanking
Safe Banking

Internet Banking Mobile Banking Safety Tips & Measures

 

Internet Banking Safety Tips


  1. Monitor your account activity regularly by checking your balances and statements online through icicibank.co.uk. This helps you to detect fraudulent transactions quickly. The earlier a fraud is detected, the lesser will be its financial impact.
  2. Avoid accessing your Internet Banking account from a cyber cafe or a shared computer. However, if you happen to do so change your passwords from your own computer.
  3. To access ICICI Bank UK Internet Banking, always type in the correct URL icicibank.co.uk into your browser window. Never click a link that offers to take you to our website. Then select the Login button which will take you to our login page.
  4. On our login page, check for the "Lock" icon. There is a de facto standard among web browsers to display a "lock" icon somewhere in the window of the browser (NOT in the web page display area).
  5. To protect your login password for Internet Banking, we provide an option of entering your password on the Virtual Keyboard.
  6. ICICI Bank UK does not ask you for any personal information other than your user ID and password when you log into icicibank.co.uk.
  7. If your login IDs or passwords appear automatically on the login page of a secure website, you should disable the “Auto Complete” function to increase the security of your information. To disable the “Auto Complete” function:
    1. Open Internet Explorer and click "Tools" > "Internet Options" > "Content".
    2. Under "Personal Information", click "Auto Complete”.
    3. Uncheck "User names and passwords on forms" and click "Clear Passwords".
    4. Click "OK".
  8. Always check the last log in to your Internet Banking account. Log into icicibank.ca and see the right hand side of the “My Accounts” page to view the date and time of your last log in.
  9. Every time you complete your online banking session, log off from icicibank.ca. Do not just close your browser.
  10. Change your Internet Banking passwords after your first log in, and thereafter regularly (at least once in a month).
  11. Your password should be complex and difficult for others to guess. Use letters, numbers and special characters [such as !,@, #,$, %, ^, &,* (, )] in your passwords.
  12. Never share your Internet Banking passwords with others, even family members. Do not reveal them to anybody, not even to an ICICI Bank employee.
  13. ICICI Bank UK will never send you emails, text messages or other electronic personalized communications that request your personal or login information (i.e. usernames, passwords, PINs, security questions/answers, or account numbers). If you receive a suspicious email, text message or other electronic personalized communication that claims to have been sent from ICICI Bank Canada, please do not respond. Notify us by writing to reportphishing@icicibank.com.
  14. Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. These adverts will normally state that they are an overseas company seeking "representatives" or "agents" to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes.
  15. When browsing the web, the URLs (web page addresses) begin with the letters "http". However, over a secure connection, the address displayed should begin with "https" - note the "s" at the end. For example: Our home page address is icicibank.co.uk. Here the URL begins with "http" meaning this page is not secure and there is no account or personal information stored or asked. Click the tab under "Login". The URL now begins with "https”, meaning the user name and password typed in will be encrypted before being sent to our server.

Types of frauds and scams to watch out for:


Investment scam

Investment scams are designed to look like genuine investments and often claim to offer high returns for very little risk. Fraudsters often use spoof website that look and feel exactly as the original website, closely resembling domain name (website address), false testimonials and other marketing materials to make the scams appear genuine.

How to spot the red flags of an investment scam:

  • You searched the internet and you see multiple websites of the same company with different domain names. Some of them can be at the top of page through paid advertisements and/or cleaver use of search engine optimisation techniques used by fraudsters.
  • You’re approached by phone, email, text message or by someone calling at your house with an investment opportunity.
  • You’re called repeatedly and the fraudsters won’t take no for an answer.
  • The “company” contacting you won’t allow you to call back.
  • You feel pressured into making a quick decision, for example if the caller states the offer is “only available right now” or “don’t miss out”.
  • The only contact you’re given is a mobile phone number or a PO Box address.
  • Some of the navigational links on the webpage are images.
  • If it seems too good to be true – high returns for a low risk, then it’s probably a scam.

Visit the Financial Conduct Authority (FCA) website where there is an approved list of companies and a known scammers list together with more useful tips on staying safe. Always call the company on the number provided on the FCA website to verify that you are dealing with the genuine company. Find out more at www.fca.org.uk/scamsmart

If you suspect that you have been approached by fraudsters please tell the FCA using the reporting form at www.fca.org.uk/scams. You can also call the FCA Consumer Helpline on 0800 111 6768

If you have lost money to investment fraud, you should report it to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk

Stop, think and act: How to avoid investment fraud:

  1. Reject cold calls
    • If you’ve received unsolicited calls about an investment opportunity, chances are it’s a high risk investment or a scam. You should treat the call with extreme caution. The safest thing to do is to hang up.
  2. Check the FCA Warning List
    • The FCA Warning List is a list of firms and individuals that are operating without FCA authorisation and operating investment scams.
  3. Get impartial advice
    • Think about getting independent impartial advice before you hand over any money. Seek advice from someone unconnected to the firm that has approached you.

Remote access scam

How it could happen to you

  • You receive a phone call out of the blue – the caller claims to be from a technical support service provider, a large telecommunications firm or computer company
  • They tell you that your computer is experiencing technical problems or your broadband is unusually slow, or there’s a risk of being hit by a rogue computer virus.
  • To fix it, they insist it’s very important to get remote access to your computer immediately. The caller will be very persistent and persuasive.
  • Often they’ll warn that if you delay, you risk causing damage to your hardware or face a financial blow
  • After convincing you to stay on the line, you’ll be told you need to buy software or sign up to a service to fix the problem.
  • They then ask for your personal details and your bank or credit card details.

Stop, think and act

If you get a call like this, hang up immediately. No genuine company will call you out of the blue, requesting remote access to your computer. Never give your personal or payment details, or online account information, over the phone – unless you made the call or the phone number came from a trusted source.

Make sure your computer is protected with updated anti-virus and anti-spyware software, and a robust firewall. Always do your research first and only buy software from a source that you know and trust.

Impersonation calls, emails and SMS texts scam

If you receive an call, email, text or WhatsApp message purporting to be from the government, National Crime Agency (NCA), HMRC, Home office, then take a moment to think before you before part with any money or information. The offenders would warn you about a banking scam and persuade you to allow remote access to your computers, or hand over personal information and bank details. Never click on any links or download attachments as fraudsters will try to get victims to download malware or enter their personal details into fake websites which can be used to steal your identity.

Phishing Calls scam

If you receive a call offering protective face masks, hand sanitiser, testing kits, medicine, etc. be aware that they may not always be legitimate. If you do receive a call, don't be afraid to hang up and research the company first. A large number of victim’s have reported ordering goods over the phone or online, offering up their bank details, and items never arriving.

Holiday Cancellations scam

With many holidays being affected as a result of COVID-19 there will inevitably be an increase in scams offering refunds or rebooking’s. If you receive a call or email from someone purporting to be from a travel company or airline offering anything holiday related be very cautious. The best thing to do is contact the party you booked your holiday with directly.

 Fake charities scam

There has been an increase in cases of fake charities knocking on doors and asking residents to donate to coronavirus related causes. It is important that you never give your financial information to someone you cannot confirm is legitimate. Take time to do your research beforehand if you wish to donate to a charity, and always send money through a secure online portal-never transfer money into someone's bank account.

Mobile Banking Safety Tips


With Mobile Banking, your banking and financial transactions are at your fingertips.

Here are some precautions for safe and secure mobile banking

  • Set up a Pin/password to access the handset menu on your mobile phone
  • Register/ update your mobile number and e-mail ID for alerts to keep track of your banking transactions.
  • Delete junk message and chain messages regularly
  • Do not follow any URL in message that you are not sure about
  • If you have to share your mobile with anyone else or send it for repair/maintenance
    • Clear the browsing history
    • Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information
    • Block your mobile banking applications by contacting your bank. You can unblock them when you get the mobile back
    • Clear the browsing history
  • Do not save confidential information such as your debit/credit card numbers,CVV numbers or PIN's on your mobile phone
  • Do not part with confidential information received from your bank on your mobile
  • Install an effective mobile anti-malware/anti-virus software on your smartphone and keep it updated
  • Keep your mobile's operating system and applications, including the browser, updated with the latest security patches and upgrades
  • Password-protect your mobile device to protect against unauthorised access. Set up a Pin/password that is difficult to crack
  • Do not enable auto-fill or save user IDs or passwords for mobile banking online
  • If possible, maximise the security features by enabling encryption, remote wipe and location tracking on device
  • Never leave your mobile phone unattended
  • Turn off wireless device services such as Wi-Fi, Bluetooth and GPS when they are not being used. The Bluetooth can be set up in invisible mode
  • Avoid using unsecured Wi-Fi, public or shared networks
  • Do not use "jailbroken" or "rooted" devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone's built-in operating system to control it outside the vendor's original intention) exposes the device to additional malware and gains administrative or privileged access of OS
  • Only download apps from official app stores such as Apple iTunes, Android Marketplace, Google Play Store and BlackBerry App World
  • Never disclose personal information or online banking credentials via e-mail or text message as these can be used for identity theft
  • Log out from online mobile banking or application as soon as you have completed your transactions. Also make sure you close that window
  • Be aware of shoulder surfers. Be extra careful while typing confidential information such as your account details and password on your mobile in public places
  • In case you lose your mobile phone, please call our 24-hour Customer Care to disable the iMobile application
  • Never download and install applications from untrusted sources. Install apps downloaded from reputed application market.
  • Always verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
  • Always remember in settings, do not enable installation of apps from “untrusted sources”.
  • Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications.

Rogue Banking Apps


What are rogue banking apps?

  • Rogue banking apps are illegitimate or “look alike” banking apps with embedded malware with an intention to steal sensitive/critical data or banking credentials. These may be generally available online as freeware
  • Cyber criminals are known to imitate legitimate versions of apps and embed them with mobile malware – an act called Trojanizing. These malicious apps are designed to look like real mobile banking apps. Cybercriminals use different tricks like using the same images and icons and closely imitating the publisher’s name

How to spot rogue mobile apps?

  • Some rogue mobile apps may come with well-written legal terms usually highlighting the fact that the app may charge you. Even if these legal terms make the app seem legit, its best you read them carefully
  • The rogue app can drain your phone battery really fast. So battery running low frequently might be a sign of infection with malware or virus
  • Check your phone bill periodically and keep tabs on any suspicious activity. If you spot unusual activity in your phone or in your bill, contact your mobile network provider
  • Check the app’s download page for inconsistencies or misspellings. Those are tell-tale signs of a fake

What are the impacts of rogue apps?

  • Mobile malware can not only steal information, but can also take full control of your mobile device’s functions. Once users access these apps, they unwittingly give out their account information. Some of the impacts of rogue apps may be;
    - Configure your updates
    - Steal passwords, certificates, etc.
    - E-mail screenshots
    - Perform financial transactions on behalf of user/perform financial frauds
    - SMS forwarding, call blocking, ping different applications, reduce battery life and many more

How can I download a genuine app from app store?

  • Before downloading a new app, always check its reviews and ratings from other customers that have used the app,  The publisher which should be ICICI Bank Ltd only
  • Take a minute or two to read the app description. This is often where you can distinguish between a real and fake app. Usually fake apps contain irrelevant description/no description about the app functionality and often described with spell errors
  • Check for the app’s permissions before installing them

Where can I download?

  • It’s advisable to download ICICI Mobile Banking apps only from the following app stores as only they are authorised to host ICICI Bank apps
    - Android Play store 
    - Apple iOS App store
  • All legitimate apps of ICICI Bank published on these stores are through the single developer ID i.e. ICICI Bank Ltd
  • No other appstores are authorised to carry apps developed by ICICI Bank. Also, no developer other than ICICI Bank is authorised to release/host apps on the above  stores

What should you do if you think you have been scammed?

  • The rogue app should immediately be removed from the device once identified. To remove the rogue app; navigate through the hosted apps on device and select the rogue app you want to uninstall. Restart the device after un-installation
  • The device would be free from rogue app threat once uninstalled. But we recommend to change the credentials/passwords of the registered accounts (online banking/shopping credentials, device authentication, folder lock or email passwords, etc.) in the device post un-installation of the rogue app; as such apps gains full access of the device's function until uninstalled
  • It is recommended to buy and install a reputed mobile antivirus to minimise the possibility of having your device infected with malware, including rogueware