Indusface Consulting
Home Contact Indusface Sitemap  
 
 
 
data sheets
case studies
  indusface in news

spotlight

corporate
Other banks caught in phishing net too

Paul John

[ Sunday, February 12, 2006 10:51:38 pm TIMES NEWS NETWORK ]

SURAT: If you thought that ICICI Bank alone had smelt something 'phishy' in a site that impersonated its own, you would be wrong. HDFC Bank, another banking major, has a phishing site too.

The site, called www.hadfcbank.com, is very much similar to the URL of the actual HDFC Bank's website — www.hdfcbank.com.

If that were not enough, other banks like IDBI, ICICI Bank Home loans, HSBC, Standard Chartered, ABN personal loans, Bank of India and Kotak Mahindra too have their phishing sites.

Cyber security experts say phishing sites are created by hackers with the intention of extracting essential information from victims such as their usernames and passwords.

The basic idea is that they lead you to pop-up pages that ape the ones originally put up by the bank. The pages ask you for your phone numbers and email IDs. Once you click 'submit', the hacker sends you a mail that consists of a domain name similar to that of the bank demanding your password and IDs.

On the phishing site www.hadfcbank. com, there's even a link to HDFC's office in Chennai. This site does not identify itself in that there are no contact details.

Once you click on its links, the page leads you to a host of other web pages which might display some high discount rates on real estate options and some pornographic sites too.

Similarly, the phishing site for IDBI Bank comes with an extra 'I' — www.idbiibank.com. This page too offers links to a host of other phishing sites of ABN Amro, Kotak Mahindra, UTI, Bank of India and ICICI home loans.

Cyber security expert Ashish Tandon says the best way to avoid such dubious websites is to look for a 'yellow lock' that is displayed on the bottom left or right of a web page. This sign actually authenticates the fact that your transaction with the bank's server is encrypted. A mere click on this sign leads you to the actual security certification, mentioning the expiry date and the bank's identity. “Phishing sites actually count on the typing errors of their victims.

Like an extra 'I' in IDBI or ICICI or they would come with a '.net' or '.org' in the domain name. One method of preventing such fake sites from operating is the inclusion of the two-factor authentication system in net banking activities.

This provides a higher level of security than just static passwords alone. "The two factor authentication system gives the customer a personal password grid that cannot be deciphered by a hacker," adds Tandon.
    © 2009 Indusface. All rights reserved. Terms of Use and Privacy Statement