Dear HDFC Customer, read two mails (details at the end of this article) from unknown senders -- adminhdfc1@switched.com and customer-onlineservice@hdfcbank.com -- informing me that someone other than me was trying to access my account details.
Hence for security reasons they want me to click on a link 'CLICK HERE TO PROCEED' (that goes to this web address: http://www.ruysch.biz//images/animated/li.htm) and verify and reconfirm my membership details. Fully aware that this was an attempt to 'phish' out my confidential banking details I click on the link above.
It opens to a page that fails to impress me. I have been HDFC Bank's customer for more than seven years now and know exactly how the bank's home page looks like. The page that I see in front of me contains a few images (four if I understand web page designing).
Interestingly, all the links on this page take you to HDFC Bank's respective pages. Even the SSL Certificate link takes you to Verisign's information centre (Verisign is a company that provides internet infrastructure including layered security to protect an organisation's customers).
Fortunately (for HDFC Bank's customers), though, the page design and layout fails to entice me to enter my Customer ID and password details in the two boxes provided alongside. For all I know this is a fraud and somebody wants to have access to my bank account.
Fortunately again, the entire effort looks very silly. And those indulging in this kind of 'phishing' think that those who use the Internet for banking transactions are morons.
Having said that there are some gullible internet users who fall for the trick and it is for their benefit that we produce here what HDFC Bank's website says about protecting your banking details online.
Precautions for using NetBanking: Courtesy: HDFC Bank
1. Always check the padlock symbol on the bottom right hand corner of your webpage to ensure that you are connected to a secure session with HDFC Bank. This is the VeriSign security symbol and confirms that the site you are interacting with is netbanking.hdfcbank.com.
2. Please check for the following website address for HDFC Bank NetBanking 'https://netbanking.hdfcbank.com' and click on the 'Verisign Secured Certificate symbol'. This page gives the information on the website authenticity along with the validity of the licence.
3. Beware of fraudulent websites which look similar to the HDFC Bank NetBanking site (like this one: http://www.ruysch.biz//images/animated/li.htm). Ensure that you are on the HDFC Bank NetBanking site before disclosing any confidential information (NetBanking password, telephone banking password etc) by checking the URL of the webpage. The NetBanking website will have this URL: https://netbanking.hdfcbank.com/netbanking/.
4. Beware of scam e-mails which may contain a virus or be linked to a fraudulent website in order to elicit your confidential information.
5. Always logout when you exit NetBanking to ensure that your secure session is terminated. Do not exit simply by closing the browser.
6. Do cross check your last login information available in NetBanking regularly to monitor your NetBanking sessions.
7. The bank recommends that sensitive data such as credit card numbers, customer ID, and bank account number are typed and that the 'copy-paste' function is not used. The data entered by using 'copy-paste' function is stored in the clipboard and may be vulnerable to misuse using special programs.
8. Please do not disclose any personal & confidential information to anyone, including HDFC Bank employees. This includes:
~ Net banking password / IPIN
~ Phone banking password / TIN
~ ATM / debit card / credit card PINs.
Here are a few more simple steps to make banking online secure: Courtesy: Bank of India
1. Never access your bank account from a public computer -- always use your own PC to log in to your account. Public computers may have programs running on them that monitor your keystrokes, which can be used by people to obtain your account password.
2. Don't fall for phishing. Sometimes you might get an innocent email, apparently from your bank, requesting you for your account details. It's a trap. Do not fall for it. A bank will never ask you for your Internet banking password, your debit card PIN number, or credit card or CVV number.
3. Always log off. Never just close your browser. Follow the instructions on your bank website to securely log off after each session.
4. Protect your password. Passwords are the key to accessing your account. Do not disclose them to anyone, not even bank employees. Frame a password that is hard to crack -- let it not be your nick name, birthday, spouse's or kid's name. Use a combination of letters and numbers, uppercase and lowercase. Also, change your password often.
5. Be wary of fake websites. Always check whether the website at which you log in your account details is genuine. There are fake websites out there that parade themselves as well-known bank websites to procure your account details. Some of them are very convincing. Check the address of the website carefully before typing in your password. Also check for the 128-bit encryption seal (VeriSign) on the home page that loads up.
6. Close all other websites. Before you access your account, close other sites. This ensures that your personal information is not accessed by any other websites which could be running some malware -- a programme that tracks your keystrokes.
7. Install AV, patches and enable firewall. Firewalls can go a long way in ensuring that your computer is not subject to unauthorised access. Go to Control Panel of your OS if you have XP and Enable Firewall. Install the latest anti-virus programs and update your computer's security patches regularly as well.
8. Look for the padlock symbol. On your bank's website, look for the padlock symbol on the bottom right of the page to ensure that the site is in secure mode before entering your personal details.
Always remember that there could be people out there who are just looking for one slip up from you to get your account details. Stay alert and your money will be safe.
And now here's the mail that started it all and we reproduce it as it is:
Due to multiple attempt error while trying to login into your online Account. We believed that someone other than you is trying to access your Account And for security reasons, we have temporarily Flagged your Online Access and your access to online banking will be restricted if you fail to Verify and re-confirm your membership details.
Verify your HDFC Online Banking Access now to enjoy the benefits of online banking and finance to avoid fraudulent activities on your Account Due to the recent Security Update, To Confirm your Account CLICK HERE TO PROCEED.
Thanks for taking the time to learn about our upcoming plan for Enhance Online Security - it's one more way that HDFC online banking can makes your online banking experience better.
© 2008 All Rights Reserved
Reader invite
Have you ever been a victim of online frauds? How did it happen to you? Did you lose any money? Did you inform your bank? What steps did your bank take to help you? Did the incident make you wiser? What steps do you take now to protect your online identity and confidential details like banking passwords?
Share your experiences with us. Write to us at mailto:getahead@rediff.co.in?subject=Online frauds -- be sure to include your name, photograph, age, profession and contact details. Interesting responses will be published right here on rediff.com.
More from rediff