What is Phishing?

Phishing is a worldwide problem faced by internet users. It is the act of attempting to acquire information such as user names, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Phishing emails received by eBanking users may contain links to websites that are infected with malware, and they often direct users to enter details at a fake website whose look and feel are almost identical to the legitimate website of the Bank.

How does phishing happen?

Phishing emails contain a link which, when clicked, redirects the user to a webpage that has a layout similar to the original website. These emails generally advise the user to update information to avoid blocking of his/her eBanking account. In general, the user commits the following mistakes:

  • The user clicks on the embedded hyperlink and is redirected to a fake website, which has a look and feel similar to the original website.
  • The user submits all the details, like login credentials, registered mobile number and email id along with email login password to get the OAC code to authorise a beneficiary, in the fields available on the webpage.
  • The user is redirected to the legitimate website to show that he has followed the correct procedure and that his account is now secure.
  • The details submitted by the user are actually transferred to the fraudster’s database, and are later used by the fraudster for online fund transfer.

Many times, the user gets trapped while trying to avoid any inconvenience caused by blocking of his/her account. There are different ways used to get login credentials through a phishing attack. Some of them are given below:

  Case 1:  
 

The customer receives an email containing a hyperlink to update his information for security reasons. Once the user clicks the link, he is redirected to an illegitimate website which has a look and feel similar to the genuine website. The user is instructed to provide sensitive data to validate his identity. When the user submits the details, he is redirected to the legitimate website, but his confidential data is transferred to the fraudster.

 
  Bank’s response:  
 

Bank will never send any email which has an embedded link. Customers are advised not to click such links and to report them immediately to UCO BANK.

 
  Case 2:  
 

To avoid any fraud using the eBanking service, the Bank has introduced a One Time Activation Code (OAC), which is required to authorise a beneficiary before making any payment. The user receives this OAC on his/her registered mobile number and e-mail id.
The fraudster sends an SMS or makes a call to the registered mobile number and informs the customer that he will receive a code which is required to validate his credentials/identity. Later, the customer receives a call that appears to be from a Bank employee, asking for the OAC received on his registered mobile number in order to validate his identity. Once the fraudster gets hold of the OAC, he can add a fake beneficiary and do the fund transfer.

 
  Bank’s Suggestion:  
 

Bank will never ask the customer over the phone for any sensitive information like login credentials or registered email id along with password. So never disclose your sensitive data to anyone.

 
  Case 3:  
 

The fraudster, knowing the registered mobile number, contacts the user posing as a marketing agent and asks for an identity proof along with a photograph in exchange for some lucrative offer. After getting the identity proof, the fraudster can approach the mobile service provider and may get a new SIM, which he can use for beneficiary addition and fund transfer without the knowledge of the eBanking user.

 
  Bank’s Suggestion:  
 

Never provide your identity proof to anyone without any genuine reason.

 
  Case 4:  
 

Fraudsters may approach customers at offices / residences to fill in survey questionnaires and offer gifts in exchange. These forms contain questions on confidential data.

 
  Bank’s Suggestion:  
 

Never disclose your sensitive information in response to such offers.

 
  Case 5:  
 

As an awareness program, Banks and regulatory bodies like RBI and the Income Tax (I.T.) Dept. send e-mails and SMSs to customers. Phishers now send emails to customers from email ids which look similar to the email ids of the Bank or of regulatory bodies like RBI / I.T. Dept., and advise the customer to submit confidential data.

 
  Bank’s Suggestion:  
 

Bank never asks for confidential data like login credentials or the password of the registered e-mail id. Customers are advised never to respond to such emails and, in such a case, to report immediately to UCO BANK.

 
  Case 6:  
 

Customers receive emails with attachments that carry a virus / Trojan. The keyed-in data is captured by the malware and transmitted to the online fraudster.

 
  Bank’s Suggestion:  
 

Never open any spam or junk mail, to avoid such incidents. Customers are advised to have an updated anti-virus on their systems.

 

Click here to see an example of the modus operandi of a phishing mail and how it tries to get confidential information from customers.

How to identify a Phishing attempt?
  • Bank never sends emails to eBanking users asking for any kind of confidential data. Any email asking for confidential information is a phishing attempt and should not be entertained by the customer.
  • If the customer moves the mouse over the hyperlink embedded in a received email, he can see the real URL of the phishing website.
  • Before providing login details, please ensure that the correct URL, beginning with https://, appears in the address bar.
  • The login page contains a link on the Norton Secured seal. If the user clicks on the image, he can see the certificate details on his screen, whereas a phishing webpage will have only an image of the Norton Secured seal.
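
The hover check and the https:// check from the list above can also be done mechanically on a saved email. The following Python sketch is an added example, not part of the Bank's page: it lists every link in an HTML email with its real target and flags targets that are not HTTPS or whose host is not the bank's. The trusted host list is an assumption taken from the page's advice to log in through WWW.UCOBANK.COM, and the sample email with its `.example` hosts is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: trusted hosts derived from the page's advice to log in via WWW.UCOBANK.COM.
TRUSTED_HOSTS = {"ucobank.com", "www.ucobank.com"}

# Constructed sample email; the .example hosts are placeholders, not real sites.
SAMPLE_EMAIL = """
<p>Dear customer, update your details to avoid blocking of your account:</p>
<a href="http://ucobank.com.secure-update.example/login">https://www.ucobank.com</a>
<a href="https://ebanking-ucobank.example/login">UCO Bank eBanking</a>
<a href="https://www.ucobank.com/">Bank home page</a>
"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_link(href):
    """Return the reasons a link target fails the checks (empty list = passes)."""
    parts = urlsplit(href)
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    # Exact host match: a bank name used as a prefix or substring of another host fails.
    if (parts.hostname or "").lower() not in TRUSTED_HOSTS:
        reasons.append("untrusted host")
    return reasons

def audit_email(html):
    """Return (visible text, real target, reasons) for each link in the email body."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(text, href, check_link(href)) for text, href in collector.links]

if __name__ == "__main__":
    for text, href, reasons in audit_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href} : {', '.join(reasons) or 'ok'}")
```

The first sample link shows why the visible text cannot be trusted: it displays the bank's address while the real target is a different host.
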
How to avoid Phishing?

  • Always pay attention to the address bar of your browser while using the eBanking service and make sure that you are accessing the eBanking portal through a secured HTTPS:// channel.
  • Customers are advised not to disclose confidential details like passwords, or email id along with password, to anyone, not even to bank employees or in response to any emails / links from government bodies like RBI, I.T. Dept., etc.
  • Users are advised to log in through WWW.UCOBANK.COM. Do not log in using links received in any email.
  • Never disclose your password to anyone, and try to change it at regular intervals.
  • Always keep your latest mobile number and e-mail id updated in the Bank’s records.
  • Install effective anti-virus/anti-spyware/personal firewall software on your computer/mobile phone and update it regularly.
  • Do not open email attachments from strangers, as they may contain a virus/Trojan which transmits your data to the fraudster without your knowledge.
  • Clicking on the Norton Secured icon appearing on the left side of the login page will display the digital certificate, to ensure that you are on the legitimate website.
  • Report the incident to UCO Bank.
How to report a phishing attempt?
  • Forward the original e-mail to UCO BANK immediately.
  • Report the incident, with the caller's number, date and time of call, etc., to our 24-hour Customer Care.
What should you do if you have entered data on a fraudulent link?
  • Change the passwords immediately.
  • Report the incident to our 24-hour Customer Care.
What should you do if your money has been fraudulently transferred through phishing?
Inform the bank immediately.