The State Bank of India has issued a detailed guideline on how its account holders can protect themselves from phishing attacks.

In the wake of COVID-19 and new digital operations, banking and financial institutions have been struggling to deal with an increasing number of fraud incidents and the trend is expected to continue, a Deloitte India survey said. Data theft, cybercrime, third party induced fraud, bribery and corruption and fraudulent documentation have been identified as the top five concerns, with over 42 percent of respondents having reported they were victims of these types of fraud.

What is phishing?

Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals to customers. They are designed to look as though they come from well-known and trusted businesses, financial institutions and government agencies, with the intent of collecting personal, financial and sensitive information. It is also known as brand spoofing. If you ever receive an email that appears suspicious, do not reply to it or click on the link it provides. Simply delete it. To report a suspicious email that uses SBI’s name, write to us immediately at report.phishing@sbi.co.in. You can read more about phishing here.

Methods of phishing

Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials.

Customer receives a fraudulent e-mail seemingly from a legitimate Internet address

The email invites the customer to click on a hyperlink provided in the mail

Clicking on the hyperlink directs the customer to a fake web site that looks similar to the genuine site

Usually the email will either promise a reward for compliance or warn of an impending penalty for non-compliance

Customer is asked to update his personal information, such as passwords and credit card and bank account numbers etc.

Customer provides personal details in good faith and clicks on the 'submit' button

He gets an error page

Customer falls prey to the phishing attempt

Do's and don'ts in sharing of personal information

Don'ts

Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'Phish'.

Do not provide any information on a page which might have come up as a pop-up window

Never disclose via text message any personal information, including account numbers, passwords, or any combination of sensitive information that could be used fraudulently

Never provide your password over the phone or in response to an unsolicited request over e-mail

Always remember that information like password, PIN, TIN, etc. is strictly confidential and is not known even to employees/service personnel of the Bank. You should, therefore, never divulge such information even if asked for it.

Do's

Always log on to a site by typing the proper URL in the address bar

Give your user id and password only at the authenticated login page.

Before providing your user id and password, please ensure that the URL of the login page starts with the text ‘https://’ and not ‘http://’. The 's' stands for 'secured' and indicates that the Web page uses encryption.

Please also look for the lock sign at the right bottom of the browser and the Verisign certificate

Provide your personal details over phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you

Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs

Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate

Please remember that the bank would never ask you to verify your account information through an e-mail

As a general rule, be suspicious of any unsolicited incoming communication/phone call asking for your personal or financial information or asking you to update it on a site. Contact your Bank directly through the official channels available to verify the authenticity of such calls.
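The URL checks from the Do's above, written out as an added example (it is not part of SBI's guideline or of the original article). The trusted domains are assumed from the addresses this page names, and the function name and sample links are constructed for illustration. It goes beyond the 'https://' check in the text by also comparing the host, because a look-alike site can use https too.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domains are the two named on this page.
TRUSTED_DOMAINS = ("onlinesbi.com", "sbi.co.in")

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a login URL fails the checks (empty list = passes)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        problems.append("not https")
    # Anything before '@' is login data, not the site: a@b.example goes to b.example.
    if parts.username is not None or parts.password is not None:
        problems.append("text before '@' hides the real host")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        problems.append("no host")
        return problems
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        problems.append("look-alike characters in host")
    # Match the registered domain from the right, never as a substring.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append("host is not a trusted domain")
    return problems

# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "https://www.onlinesbi.com/personal/safe_online_banking.html",
    "http://www.onlinesbi.com/",
    "https://www.onlinesbi.com.account-update.example.net/login",
    "https://www.onlinesbi.com@login.example.net/verify",
    "https://www.\u043enlinesbi.com/",  # Cyrillic letter in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = check_login_url(link)
        print("OK     " if not verdict else "REJECT ", link, verdict)
```

Only the first sample passes; the other four each fail for a different reason, which is why the host has to be read from the right-hand end of the address and not merely scanned for the bank's name.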

What to do if customers have accidentally revealed password/PIN?

If a customer feels that he has been phished or he has provided personal information at a place he should not have, he can carry out the following immediately as a damage mitigation measure:

Please lock your user access immediately by clicking Here

Contact your bank/financial institution or credit card company

Contact your local police

Always report phishing to report.phishing@sbi.co.in

Check your account statement and ensure that it is correct in every respect

Report any erroneous entries to the bank

Use the other compensatory controls provided by the bank, like setting the limits for demand draft and trusted third parties to zero, enabling high security, etc., to minimize the risk

Website links for further details

https://www.onlinesbi.com/personal/aboutphishing.html

https://www.onlinesbi.com/personal/safe_online_banking.html


Published on: Wednesday, February 23, 2022, 03:19 PM IST