You must have seen recent newspaper reports about fraudulent emails going out to customers of various banks asking them to update confidential and sensitive information pertaining to their accounts, Debit Card numbers/PIN numbers, Internet Banking User IDs/Passwords etc. This fraudulent method of obtaining account information is called Phishing.
The Phishing email may also direct you to a spoofed (copy) website or pop-up window, which looks exactly like the real bank site. The fraudster sends "spoofed" emails that appear to come from a legitimate website or source that you have online dealings with such as a bank, Credit Card Company or an ISP – any site which requires users to have a personal identity or account. The email may ask you to reply with your account details or personal information in order to "update security" or for any other reason.
Please note the following points that will help you protect yourself while using Internet Banking:
Never respond to emails/phone calls that request personal information.
No bank would never ask for updation/activation of your personal details through an email. Nor would they ask for your password through any means, online or offline. If any of bank personnel asks you for your password, do not disclose it and report him or her immediately to your bank.
Keep your password top secret and change them often.
Changing passwords often helps in protecting your account even if inadvertently you may have disclosed it to someone.
Never use cyber cafes to access your online accounts.
PCs at cyber cafes may be infested with viruses and Trojans that can capture and transmit your personal data to fraudsters. Beware of typing passwords on unknown PCs. If you do, ensure to change your password at the earliest using your own PC at your workplace or at home.
Use the Virtual KeyPad
Please remember to always use the facility of the Virtual KeyPad, provided on the login page while logging on to your account from an unknown PC or from a cyber café.
Keep your computer secure.
Please ensure that anti-virus software is installed on your PC and regularly updated. It is also prudent to install a firewall on your PC to prevent any unauthorised control and access to data on your PC while surfing the internet.
Check the website you are visiting is secure.
Before submitting your bank details or other sensitive information the following checks will help ensure that the site uses encryption to protect your personal data: If the address bar is visible, the URL should start with 'https://' ('s' stands for secured) rather that the usual 'http://'. Please note that the fact that website is using encryption doesn't necessarily mean that the same is legitimate. It only tells you that data is being sent in encrypted form.
Following the above steps would help you transact over the net in the most secure environment. We reiterate the following simple precautionary measures:
- Never let anyone know your PINs or passwords, do not write them down.
- Do not reveal your Passwords/Pins to anyone over the phone, even if the caller claims that he/she is calling on behalf of the Bank.
- Do not use the same password for all your online accounts.
- Do not reveal to anyone (including Bank personnel), the Unique Registration Number (URN), One Time Password (OTP) and On-line Shopping Password (OSP) forwarded by the Bank to your mobile phone.
- Avoid opening or replying to spam emails, even if purportedly sent by the Bank.
- In case of suspicion, report the matter immediately to your bank on 24 hour customer care numbers or email them.
- Look for the padlock symbol either in the address bar or the status bar BUT not within the web page display area. Verify the security certificate by clicking on the padlock image.
- Disable the "Auto Complete" function on your browser to prevent your browser from remembering Passwords.
- Ensure that the address bar has turned to green indicating that the site is secured with an SSL that meets the Extended Validation Standard.
- Always logout to terminate your session, instead of closing the browser directly.
- Always type the address of the bank website in the address bar of your browser or access it from your stored list of favourites. Do not access the bank website through a link in an email or through another website.
- Using special characters like # $ @ etc. in your password is highly recommended.