Phishing a most common type of cyber-attack in which a victim/target is contacted by email or phone or text message by someone posing as a legitimate organisation or person to mislead the victim into sharing their sensitive data such as personal information, login credentials, debit card information, or bank account details.
Phishing is a type of social engineering attack which can take various forms - email phishing, vishing (voice phishing) and smishing (SMS phishing) or a combination of all of them.
How The Fraudsters Operate?
Email phishing: In email phishing, you will receive a fraudulent email which will look like a genuine email from your bank or other legitimate organisations or government agencies tricking you to provide your sensitive data.
How to identify an email Phishing attempt?
- Unsolicited emails, calls from strangers or websites asking for confidential banking details
- Messages asking for urgent action due to security reasons
- Links received in emails to access known websites
- To check the actual website, roll the cursor over the link or check for https:// where "s" stands for 'secure site'
- The fraudster may use well known bank's email address, domain name, logo, etc to give an authentic look to the fake email
- Such fake emails will always address you by a generic salutation or address you by "Dear Net Banking Customer" or "Dear Bank Customer". Bank's authentic emails will always address you personally by your name e.g. "Dear Mr. Suresh Kumar"
- Very often, such fake emails are poorly drafted and may have spelling or grammatical mistakes
- Such fake emails will always encourage you to click on to a link to verify or update your confidential account information
- The links embedded in such fake emails may sometimes look authentic but when you move the cursor/pointer over the link, there may be an underlying link/url to a fake website
How to avoid email phishing scams?
- Please note that ICICI Bank will never ask for confidential data such as your internet banking user ID, password, PIN, credit card / debit card / bank account number, card verification value (CVV) number, etc.
- Do not open spam mails. Be especially cautious of e-mails that:
- Come from unrecognized senders.
- Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
- Are not personalised.
- Try to upset you into acting quickly by threatening you with frightening information.
- Do not click on links, download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from an enterprise you do business with. It is a good practice to call up the concerned to confirm in case the e-mail is unexpected.
- Communicate personal information only via secure web sites. In fact:
- When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser's status bar or a "https:" URL whereby the "s" stands for "secure" rather than a "http:".
- Also, check if the website address is correct before conducting online transactions.
- Protect your computer by installing effective anti-virus / anti-spyware / personal firewall on your computer / mobile phone and update it regularly.
- Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
- Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees or on e-mails/links from government bodies like BOE, NCSC, ICO, HMRC, etc.
- Type the web address in the browser. Do not use links received in e-mails.
- In case you have used a cyber cafe / shared computer, change your passwords from your own computer.
- Register for e-mail and mobile alerts to check your account regularly.
- Report any fraudulent incident to the Bank / institution on the number mentioned on the debit/credit card, bank/credit card statement or official website.
- Do not rely on the name and source in the "From" field of the email address as it may be easily manipulated by the fraudster to a valid email account of bank
- Always access your bank website by typing the URL in the address bar of your browser only
- Always check the authenticity of the software before downloading
- If you get an email asking for personal or credit/debit card information, please do not provide this information no matter how 'genuine' the page appears to be. Such pop-ups are most likely the result of malware infecting your computer. Please take immediate steps to disinfect your device
- Any bank or their representative will never send you emails to get your personal information, password or one time SMS (high security) password. Such e-mails are an attempt to fraudulently withdraw money from your account through Internet Banking
How to report a phishing attempt?
What should you do if you have entered data on a fraudulent link or your money has been fraudulently transferred through phishing?
- Change the passwords immediately
- In case you've provided your financial or personal information to someone who you later think is a scammer, immediately call us at 0344 412 4444 (in case you are in UK) or +44 203 478 5319 (in case you are outside the UK) and ask about cancelling fraudulent transactions and/or blocking future changes.
- You may also report your incident to Action Fraud at https://reporting.actionfraud.police.uk/login and other institutions with whom you have relationships.
For more information and guidance on cyber security, kindly visit website of the National Cyber Security Centre (NCSC) at www.ncsc.co.uk. The NCSC is an organisation of the United Kingdom Government that provides advice and support for the public and private sector in how to avoid computer security threats.