Priya Ganapati in Mumbai
June 25, 2004
Did you know that e-mails, long considered the most convenient form of communication, can actually spring some nasty surprises for you?
Recently, a few ICICI Bank customers in Mumbai, to their utter dismay, discovered that e-mails can be extremely hazardous, if not to their health, at least to their security.
These ICICI Bank customers received an e-mail from someone who posed as an official of the bank and asked for sensitive information like the account holder's Internet login name and password and directed them to a Web page that resembled the bank's official site.
When some customers wrote in to find out what the e-mail was about, the bank officials registered a complaint with the police.
New as it may be in India, it is actually a popular banking scam, a warning against which had been issued by many international banks including Barclays and Citibank.
rediff.com presents a guide that will help readers understand what the scam is about and how they can stay clear of it.
What happened in the case of the e-mail scam involving ICICI Bank?
A few customers of ICICI Bank received an e-mail asking for their Internet login name and password to their account. The e-mail seemed so genuine that some users even clicked on the URL given in the mail to a Web page that very closely resembled the official site.
The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-mails with the bank.
Such a scam is known as 'phishing.'
What does phishing mean?
Phishing means sending an e-mail that falsely claims to be from a particular enterprise and asks for sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit.
Phishing uses 'spoofed' e-mails and fraudulent Web sites that look very similar to the real ones, thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords.
According to statistics, phishers are able to convince up to five per cent of the recipients who respond to them.
How can you make out if an e-mail is genuine or not?
There are ways to 'spoof' an e-mail so that it appears to come from someone other than the person who is actually sending it. E-mail spoofing is a popular way of scamming online. An e-mail can be spoofed by tweaking the settings of e-mail clients like Outlook Express, Netscape Messenger and Eudora.
However, finding out whether an e-mail is genuine or not is not very difficult. Every e-mail message contains headers that have the following information:
- Origin, which shows information about the machine that sent it,
- Relay, which shows the sender machine relaying it to another, and
- Final destination, which shows the machine that receives it, the IP address and the domain name.
Check out this URL: http://www.lse.ac.uk/itservices/help/e-mailheader.htm for an example of what the different things in an e-mail header mean.
By learning how to identify what the header components are, you can distinguish whether an e-mail is genuine or spoofed.
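An added example, not part of the original article: Python code that reads the Received headers of a message in origin, relay, final-destination order and lists where they disagree with the address shown in From. The sample message, every host name, address and IP in it, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts, addresses and IPs are made up (documentation ranges).
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
\tby mailstore.recipient-isp.example with ESMTP; Fri, 25 Jun 2004 10:02:11 +0530
Received: from relay.open-relay.example (relay.open-relay.example [198.51.100.7])
\tby mx.recipient-isp.example with SMTP; Fri, 25 Jun 2004 10:02:09 +0530
Received: from dialup-pc (unknown [203.0.113.45])
\tby relay.open-relay.example with SMTP; Fri, 25 Jun 2004 10:02:05 +0530
Return-Path: <bounce@open-relay.example>
From: "Bank Security" <security@bank.example>
Reply-To: accounts@bank-verify.example
To: customer@recipient-isp.example
Subject: Verify your Internet banking login

Please confirm your login name and password.
"""

# "from <claimed name> (<looked-up name> [<IP>]) ... by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\).*?by\s+(\S+)", re.S)

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def in_domain(host, dom):
    return bool(dom) and (host == dom or host.endswith("." + dom))

def trace(raw):
    """Return (message, hops), hops ordered origin -> relays -> final destination."""
    msg = message_from_string(raw)
    # The newest Received header is on top, so reverse to start at the origin.
    found = [HOP.search(v) for v in reversed(msg.get_all("Received", []))]
    return msg, [dict(zip(("helo", "rdns", "ip", "by"), m.groups())) for m in found if m]

def spoof_indicators(raw):
    """List the ways the headers disagree with the address shown in From."""
    msg, hops = trace(raw)
    sender = domain(msg["From"])
    found = []
    if hops and not any(in_domain(h["rdns"], sender) or in_domain(h["by"], sender) for h in hops):
        found.append("no hop belongs to the From domain")
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != sender:
            found.append(name + " domain differs from From")
    return found
```

These mismatches are indicators rather than proof, since organisations sometimes send through third-party mail services. Only the Received lines added by your own provider's servers can be trusted; earlier ones are written by the sending side.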
That sounds a little complicated. Is there any easier way?
Not really. But following these three guidelines can help protect you.
- A legitimate financial institution will never ask for details of your account via an e-mail. A corollary to this rule: never e-mail financial information over the Internet. E-mail is not a secure method for transmitting this kind of information.
- If you initiate a transaction and want to provide your personal or financial information through an organisation's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a Web site that begins 'https:' (the 's' stands for 'secure').
- Unfortunately, no indicator is foolproof, so always call your local bank and ask for verification before responding to any form of electronic correspondence that claims to come from the bank.
What are the other popular e-mail scams?
The Nigerian scam is another very popular e-mail related scam that has found a few victims in India.
The scam itself is simple. An e-mail, which claims to be written by a prominent official from an African country, asks the recipient to help them release millions in the bank and offers them a share of the bounty.
Once the recipient responds, he is asked to visit the (African) country and meet with officials to collect the money. But once there, instead of getting money, he is forced to cough up a considerable sum.
This scam is known as the 'Advance Fee Fraud' or '419 Fraud,' after the section of the Nigerian Penal Code that specifically prohibits this con.
If you are interested in knowing more about this, check out this link: http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htm