Saturday, August 28, 2010

Phishing - Wanna take the bait??



(The photos below have NOT been sent by ICICI bank)

The Project Leader, Nihal Varechia, working for one of the popular Cellular companies in India, got an email one bright Monday morning. Simple, professional and up to the mark. It was apparently from his personal BANK that he had his accounts in.

The Email crisply stated:– (inset)
"Dear Customer

The Bank is currently updating its Online Security measures in order to serve you better. You are requested to update your Online account by following the reference below.

(The Phishing link-->)"Update your account"

Thank you
Customer Service"

“Ok Great”, Nihal thought. More security is better security.

He clicked on the link “Update your account” provided in the email and reached a page that showed the bank's logo, its various details and other links that he would never click on. There were 2 spaces for him to input his user Id and Password. He had done this before, a few times. No worries.

Without any hesitation, choosing “credit card” as his menu option, he input his Credit card user Id and Password in the given spaces. Instantly, another screen greeted him, prompting for further information - “Credit Card Details”.

The innocent screen staring at him was urging him to input his Account number, ATM Card number, State, Zip, Phone number and email id.

“Well, all for security”, thought Nihal and input the details asked of him and hit on Enter. Suddenly, something went wrong. A new page came over that said..
“404 Error, Nothing found. Please try again.”

“Huh? Try again? What happened? Well, ok, What the hell” So thinking, Nihal refreshed his page to try again. He came over the same page once more and after putting all his details yet again, he hit enter. This time he got through.

He was now on the official ICICI login page and he was being prompted to Log in again. “Log in again?? But….what the HELL?? Are they Crazy??” Nihal, now frustrated just wanted to click on the “logout” button, instead could only see “Login”. Perplexed, he gave up and closed all pages related to the bank and got up from his node to have some fresh air while he sipped on hot tea.

Somewhere, not so far, sitting on his console was a dark looking man smiling from ear to ear. His teeth were bright enough to light up the semi dark, rented room that he was staying in. His trickery had found another victim.

The dark man was rubbing his palms, smiling satisfactorily looking at the private bank details of a fool by the name Nihal Varechia, as he recalled an age old maxim – “The fool and his wealth are soon parted”.

20 days later, Nihal received a Credit card statement and a Credit card Bill payment of Rs 100,000…that had been apparently used by him.


PHISHING is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity (read website) in the electronic medium.

1. It is typically carried out by e-mail or instant messaging.
2. It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
3. The phishing e-mail typically asks you to click a link to visit a Web site, where you are asked to update personal information, such as passwords and credit card, social security, and bank account numbers.
4. The Phishing link almost always shows an error message after the first log in attempt. This is a trick to make you think the failure happened by mistake. The truth is that the first log in sends your user id and password to a personal email id of the attacker. The 2nd log in drops you on the REAL website page so you don't detect that you have just been cheated.

"How to spot a phishing scam"

If you receive emails with messages or alerts similar to those given below, you need to be on alert and double check their authenticity.

"Verify your account"
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail asking you to update your credit card information, do not respond.

"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Lastly, always look at the browser address bar, the space for the website address, usually at the top of your browser. It will reveal the REAL website you are on. If you think it looks even slightly dubious, stop.

A few Photos : What our protagonist Nihal Varechia should have verified:

Always look at the address bar for the real website name

Phishing site alert by an updated browser and computer security

Never give away your user id and Password without proper verification

Never provide your personal details to anyone or any site without proper verification


(The bank ICICI has NOTHING to do with fraud or phishing activities. The given photos were NOT sent by ICICI bank but by phishing attackers. These are real photos received by a Rediffmail user. This post is made as a warning to its readers so that they are aware of phishing tricks.)

21 Spoke their mind: yep, makes a difference !!

Sheril said...

Hey ,
Real nice one very informative.........
Lets all ensure that we dont be a fish in the Phishing trap...........

Latha Nair said...

The things that we get to hear and read these days about being taken for a ride by such conmen makes me wary even to use the simple ATM. Guess I'd rather put my hard earned money under my bed-anyway the peanuts that I earn can easily do with such a resting place!

ankita mehta said...

I totally agree with Latha Nair. Informative write up:)

Anand said...

Latha...Lol. Not true.
Hard earned money can never be in the 'peanuts' category...otherwise it wud not be in the 'hard earned' category, wud it? (If u understand that, explain it to me too. Hehe)

Well it's ok to use ur card jus be careful. :)

ICICI Bank Care said...


Thanks for spreading awareness about phishing.

ICICI Bank Customer Service Team.

Anand said...

ICICI Cust Service team, I had no idea you guys Roam the Bloggie world lookin at all blogs with the word ICICI. Brrrrr...

But...Ur welcome. :)
(Er....I wud need a loan of a few lakhs later.)

Anand said...

@Selfie.....I just have to agree on that one. yep, u are born intelligent.
Hold on while I..mmffttt.. go to the...ssstttt.... other room..and LAFF my guts out...:) :)

Self- Proclaimed Shoe Addict said...

hahahahahahhaha (sarcastically done) very funny! im surprised u didnt use the *cough* mode

Anand said...

Lol. Biatch.
But u gotta admit u enjoyed my comment, dincha? huh? huh? huh, huh, huh?? hehe

Imp's Mom said...

Really informative ya!

But wht surprises me most is that people readily give out their card info online, which they wouldn't give to a random person in real life. Ironic na.

Anand said...

ye Ironic. Dunno why. Less awareness I guess.

Imp's Mom said...

More like false sense of security on the net..what u cant see cant hurt u types..i think. Wht I dont get is why do they lose their logic when online?

Anand said...

I think ur rite. Add to that the blind trust they hv on online security promises by banks, etc.
How will they lose their logic when it's not there to begin with.
The net is still a scary proposition for majority. Those who r aware..dont get fooled.
