Tuesday, August 26, 2008

ICICI bank's duplicate Site

Below is a link to sample of a fraudulent e-mail that has been sent to ICICIBank.com customers. It purports to be from ICICIBank.com but it is not.
Its intent is to get customer to enter sensitive information about their account and to then use this information to commit fraud.

http://www.icicibank.com/pfsuser/spoofs/mail_6.htm

http://www.icicibank.com/pfsuser/spoofs/mail_4.htm

http://www.icicibank.com/pfsuser/spoofs/mail_1.htm


http://www.icicibank.com/pfsuser/spoofs/mail_2.htm


http://www.icicibank.com/pfsuser/spoofs/mail_3.htm

http://www.icicibank.com/pfsuser/spoofs/mail_5.htm

What Is Vishing?

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick unsuspecting customers into providing their personal and financial details over the phone.


How The Fraudsters Operate?

A typical vishing attack could follow a sequence such as this:

1. The fraudster sets up an automatic dialler which uses a modem to call all the phone numbers in a region.

2.When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and that the customer should call the recorded phone number immediately. The phone number is with a caller identifier that makes it appear that they are calling from the financial company they are feigning to represent.

3.When the customer calls the number, it is answered by a computer-generated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter his/her 16-digit credit card number on the key-pad. A visher may not have any real information about the customer and would address the customer as 'Sir' and 'Madam' and not by name or the prefix 'Mr....' or 'Ms...'.

4.Once a customer enters his/her credit card number, the "visher" has all of the information necessary to place fraudulent charges on his/her card. Those responding are also asked for the security number found on the rear of the card.

5.The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.


Tips To Protect Yourself From Vishing

1.Your bank would have knowledge of some of your personal details. Be suspicious of any caller who appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.

2.Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your credit card or bank account.

3.When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify whether the given number actually belongs to the bank.


MONEY MULE

What Is Money Mule?

Once the fraudster has captured personal information using anyone of the ways mentioned above, they need an account to which they can transfer funds from the compromised account. This is where a “Money Mule” comes into picture. A Money Mule is an unwitting participant in the frauds who is recruited by fraudsters to launder stolen money across the globe.



How The Fraudsters Operate?


1.Fraudsters contact prospective victims (money mules) with job vacancy ads via spam e-mail, Internet chat rooms or job search Web sites. Jobs usually are advertised as financial management work, and ads suggest that no special knowledge is required.

2.The crime rings persuade the victim to come and work for their fake company. Some fraudsters even ask mules to sign official-looking contracts of employment.

3.Once recruited, money mules receive funds into their accounts. These funds are stolen from other accounts that have been compromised.

4.Mules then are asked to take these funds out of their accounts and forward them overseas (minus a commission payment), typically using a wire transfer service.

5.As the account of the mule has been involved in the transaction, the mule also becomes an unwitting participant in the frauds.


Tips To Protect Yourself From Money Mule

1. Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. Be especially wary of offers from people or companies overseas as is harder for you to find out if they really are who they say they are.
2. Money mule adverts or offers can take a variety of different forms and they may even copy a genuine company's web site and register a similar web address to add authenticity to the scam.

3. These adverts will normally state that they are an overseas company seeking "representatives" or "agents" to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes.

4. The advert may be written in poor English with grammatical and spelling mistakes and they may urge you not to inform the bank or the police about the reason for making the payments. The adverts may seek people with accounts at certain banks, or Internet payment systems.

5. Take steps to verify any company which makes you a job offer and check their contact details (address, phone number, email address and web site) are correct and whether they are registered.

No comments: