DCEite · 22nd July 2010, 16:14

After forwarding the phishing mail to ICICIBank, received following reply from Bank:

Dear Customer,

Thank you for writing to us and bringing this e-mail to our notice.

We wish to inform you that the e-mail you have received has not been sent by ICICI Bank.

This is a scam called "phishing" wherein certain individuals/entities solicit, through e-mail, personal information like Internet Banking User id, passwords, credit / debit card numbers, bank account information, or other personal and sensitive information from unsuspecting customers . Clicking on the link or even pasting it in the address bar of your browser will take you to a fraudulent site. This fraudulent link will normally not have the padlock sign in the tool bar which will discriminate this site from our genuine site ( icicibank.com )

We urge you not to reply to such e-mails. Please do not share any of your personal information in response to such mails. ICICI Bank will not ask for this information via e-mail or by directing you to a link online.

If you have revealed your account details in response to this e-mail or any such, please call and inform our ICICI Bank 24-hour Customer Care immediately and put in a request to block your user id and password.

You may continue to transact with ICICI Bank by typing ( icicibank.com ) in the address bar of your browser window without any apprehension. We reassure you that we use the latest encryption and SSL security devices to make our web site safe for use.

May we request you also to forward this e-mail to your friends and family members so they too are aware of similar "phishing" scams.

Please visit the 'Safe Banking' section on our web site for "Safety Tips" and more information on a secure online banking experience.

We reiterate that ICICI Bank acts at all times with in good faith, with diligence and without any intent prejudicial to the interests of its customers.

Thank you,

Sincerely,
Chanchal Srivastav
Office of Head Service Quality

CONFIDENTIALITY INFORMATION AND DISCLAIMER

"This e-mail message may contain confidential, proprietary or legally privileged information. It should not be accessed by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group. Before opening any attachments please check them for viruses and defects.

sbraj · 22nd July 2010, 17:48

Quote:

Originally Posted by bblost

I don't understand how they can do a funds transfer using icici infinity portal without the Grid Card

They ask precisely that. All the grid card numbers.

Guna · 30th December 2010, 15:02

Got a mail from ICICI (supposedly) with a subject title 'Attention! Your Account is Restricted'. It looked like a phishing mail and have reported it to the bank.

Guys, pls be careful as the mail looks as if it has been sent by ICICI and prompts you to use login credentials.

prince_pervez · 3rd January 2011, 06:44

Quote:

Originally Posted by pranavt

You can send it off your own computer if you take the trouble of setting up an SMTP server

Why even that ? Give me your email ID and the ID you wish to receive an email from. I can do it right from my laptop. You just need a mail host/outgoing server SMTP name and code (in any programming language).

pranavt · 3rd January 2011, 13:26

Quote:

Originally Posted by prince_pervez

Why even that ? Give me your email ID and the ID you wish to receive an email from. I can do it right from my laptop. You just need a mail host/outgoing server SMTP name and code (in any programming language).

I know that. I setup and run servers for a living

The post was to show that you do not even need any 3rd party resources if you want to do it yourself.

Amartya · 6th January 2011, 08:41

While not related directly related to ICICI, one must be aware of this. I found technique to be particularly clever, it's called tabnabbing, check it out - Link

For those who can't be bothered to read the link(quoted from the site itself):

Quote:

A user navigates to your normal looking site.
You detect when the page has lost its focus and hasn�t been interacted with for a while.
Replace the favicon with the Gmail favicon, the title with �Gmail: Email from Google�, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
As the user scans their many open tabs, the favicon and title act as a strong visual cue�memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they�ll see the standard Gmail login page, assume they�ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
After the user has entered their login information and you�ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Imagine the whole scenario with a bank website.

hellboy999 · 14th April 2011, 08:06

The best possible solution I can think off for this is to never open any bank or email website via a link.We should always make it a point to type out the address or for that matter copy paste from our existing resources like a notepad.
This will certainly help prevent any chance phishing.Plus people should genuinely refrain from keying in any sensitive data on any kind of form however genuine it may seem.

By the way Amartya the new way of attacks was an eye opener. Thanks for letting us know about it. I seldom logout from my gmail account so might not well encounter this situation but definitely helpful for the others.

Ford5 · 26th February 2012, 14:19

Received this RBI $500,000 phishing mail today asking me to deposit Rs. 13,500/- as some transaction fee! Can definitely make out its been done in India. Opened up in MS word.

Page 3 is the best in the mail

Dushie · 26th February 2012, 14:53

I think this one beats all and is the height of phishing.Putting the RBI governor's photo and name to good use.Someone has really gone lengths to scam people out of their money.

mm403 · 26th February 2012, 22:35

Received a mail from refunds.ptatincometaxindiafiling.gov.in stating that I am supposed to get a refund of 30K ( I immediatly had a doubt as was sure not expecting any refund), The mail asked me to key in my bank account details by clicking a hyperlink. Hypelink took be to income tax dept site where there was warning which clearly mentioned that they never send any mails for refund. The link listed number of banks, tried clicking on one of those and found that its not a https site.

(I never intended to enter my bank details but was just exploring the links)

Guite · 14th July 2014, 10:30

Clear Phising attempt; I got following email:

From: admin@icicidirect.co.in
Subject: ICICI BANK : Please Update Your ICICI Bank Details
To: me <admin@icicidirect.co.in>

Quote:

Dear NetBanking User ,

We have Introduced the New 2FA authentication system. Your Gird Values will be required for any
Transaction been carried out on the NetBanking platform.

All Users are advised to get the new ICICI Card with Grid values at the back of your card.

Therefore, There is currently some upgrade with the ICICI Bank database. We are requesting all Netbaking
users to update their NetBanking details by downloading the update form attached in this email then
follow the required Steps and Update their details with the new Server.

Download the NetBanking Secured Update Form and Update Your Details As Requested

Once we have received your information we will review it.
If the review is successful, then your Netbanking will be highly secured and New features added.
Failure to update will leads to Netbanking access been blocked

ICICI Bank

NetBanking Department

There is an html file attached. if you open that file it will lead to "http://visiontuitiongoldcoast.com.au/wp-includes/certificates/icici/". Dead give away but may still fool some people.

dre@ms · 15th July 2014, 15:50

^^ By clicking on Personal, it takes me to a static page to enter all details. Boy, it definitely looks like a genuine page. Complete rip-off from ICICI website. Only catch, none of the links/categories are hyperlinked except for the input and submit fields.

ICICI Bank Phishing Alert !!!! - New Technique-capture.jpg

Edit: Reported to ICICI

22nd July 2010, 16:14	#16
DCEite Senior - BHPian Join Date: Sep 2004 Location: NCR Posts: 3,588 Thanked: 3,479 Times	After forwarding the phishing mail to ICICIBank, received following reply from Bank: Dear Customer, Thank you for writing to us and bringing this e-mail to our notice. We wish to inform you that the e-mail you have received has not been sent by ICICI Bank. This is a scam called "phishing" wherein certain individuals/entities solicit, through e-mail, personal information like Internet Banking User id, passwords, credit / debit card numbers, bank account information, or other personal and sensitive information from unsuspecting customers . Clicking on the link or even pasting it in the address bar of your browser will take you to a fraudulent site. This fraudulent link will normally not have the padlock sign in the tool bar which will discriminate this site from our genuine site ( icicibank.com ) We urge you not to reply to such e-mails. Please do not share any of your personal information in response to such mails. ICICI Bank will not ask for this information via e-mail or by directing you to a link online. If you have revealed your account details in response to this e-mail or any such, please call and inform our ICICI Bank 24-hour Customer Care immediately and put in a request to block your user id and password. You may continue to transact with ICICI Bank by typing ( icicibank.com ) in the address bar of your browser window without any apprehension. We reassure you that we use the latest encryption and SSL security devices to make our web site safe for use. May we request you also to forward this e-mail to your friends and family members so they too are aware of similar "phishing" scams. Please visit the 'Safe Banking' section on our web site for "Safety Tips" and more information on a secure online banking experience. We reiterate that ICICI Bank acts at all times with in good faith, with diligence and without any intent prejudicial to the interests of its customers. Thank you, Sincerely, Chanchal Srivastav Office of Head Service Quality CONFIDENTIALITY INFORMATION AND DISCLAIMER "This e-mail message may contain confidential, proprietary or legally privileged information. It should not be accessed by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group. Before opening any attachments please check them for viruses and defects.
	() Thanks

30th December 2010, 15:02	#18
Guna Senior - BHPian Join Date: Nov 2007 Location: Bangalore Posts: 4,182 Thanked: 4,620 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique Got a mail from ICICI (supposedly) with a subject title 'Attention! Your Account is Restricted'. It looked like a phishing mail and have reported it to the bank. Guys, pls be careful as the mail looks as if it has been sent by ICICI and prompts you to use login credentials.
	() Thanks

14th April 2011, 08:06	#22
hellboy999 BHPian Join Date: Mar 2011 Location: Mumbai Posts: 38 Thanked: 0 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique The best possible solution I can think off for this is to never open any bank or email website via a link.We should always make it a point to type out the address or for that matter copy paste from our existing resources like a notepad. This will certainly help prevent any chance phishing.Plus people should genuinely refrain from keying in any sensitive data on any kind of form however genuine it may seem. By the way Amartya the new way of attacks was an eye opener. Thanks for letting us know about it. I seldom logout from my gmail account so might not well encounter this situation but definitely helpful for the others.
	() Thanks

26th February 2012, 14:19	#23
Ford5 BHPian Join Date: Oct 2011 Location: Bangalore Posts: 502 Thanked: 341 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique Received this RBI $500,000 phishing mail today asking me to deposit Rs. 13,500/- as some transaction fee! Can definitely make out its been done in India. Opened up in MS word. Page 3 is the best in the mail Attached Thumbnails
	() Thanks

26th February 2012, 14:53	#24
Dushie BHPian Join Date: Sep 2007 Location: Bangalore Posts: 241 Thanked: 131 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique I think this one beats all and is the height of phishing.Putting the RBI governor's photo and name to good use.Someone has really gone lengths to scam people out of their money.
	() Thanks

26th February 2012, 22:35	#25
mm403 BHPian Join Date: Jun 2011 Location: Pune Posts: 160 Thanked: 73 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique Received a mail from refunds.ptatincometaxindiafiling.gov.in stating that I am supposed to get a refund of 30K ( I immediatly had a doubt as was sure not expecting any refund), The mail asked me to key in my bank account details by clicking a hyperlink. Hypelink took be to income tax dept site where there was warning which clearly mentioned that they never send any mails for refund. The link listed number of banks, tried clicking on one of those and found that its not a https site. (I never intended to enter my bank details but was just exploring the links)
	() Thanks

15th July 2014, 15:50	#27
dre@ms BHPian Join Date: Oct 2006 Location: MADRAS Posts: 642 Thanked: 206 Times	Re: ICICI Bank Phishing Alert !!!! - New Technique ^^ By clicking on Personal, it takes me to a static page to enter all details. Boy, it definitely looks like a genuine page. Complete rip-off from ICICI website. Only catch, none of the links/categories are hyperlinked except for the input and submit fields. Edit: Reported to ICICI Last edited by dre@ms : 15th July 2014 at 15:58.
	() Thanks