eScan Warns Users of ICICI Netbanking about Phishing Email Scam

Firstpost.com reported on 12th February, 2014 stating that eScan, an anti-virus and content security solution provider, had warned online users of a renowned Indian Bank ICICI about an email phishing campaign which is presently targeting them.

The fake email begins by praising the Bank saying that ICICI has constantly been striving to provide the customer more security, control and convenience in his management of his online banking accounts. The email notes that the Bank is taking pains to function as accords to the guidelines of ISO (International Organization for Standardization) and has thereby created an improved security portal for customer's online banking and has also improved its 'ICICI Electronic-Sign Consent' and 'Online Access'. The email tells the recipient that it has become obligatory for him to login his online account using the link to update his account details. Hence, he is requested to download the attached file so as to renew his account information.

The email also warns users that if they don't update their account information within 72 hours then their account will be suspended.

Actually, the email is not from ICICI. Rather it is a crude phishing attempt to gather personal and financial data from customers of ICICI. Experts of the security firm highlight that those who fall in the scammer's trick and click the link will be taken to a fake website which has been designed as a real webpage of ICICI. Then victims will be asked to enter their account login details to access the site. After login, they will be asked to provide financial and personal data like credit card numbers and contact details.

Criminals will collect all the submitted information and use these to hijack genuine ICICI accounts and steal identities to commit credit card fraud.

The scammers apparently rely on some innocent recipients who got convinced by technical terms like ICICI Electronic-Sign Consent will follow the instructions without due precaution.

The ICICI Bank clarifies that it never asks clients via email about their sensitive account information like PIN, password, account number etc. It also instructs its clients to forward such phishing emails to antiphishing@icicibank.com and call its 24-hour customer care or visit "Customer Service" at www.icicibank.com.

» SPAMfighter News - 2/19/2014