What Is Phishing?

Phishing is an attempt by fraudsters to 'fish' for your banking details. A phishing attempt usually is in the form of an e-mail that appears to be from your bank. The e-mail usually encourages you to click a link in it that takes you to a fraudulent log-on page designed to capture your details. E-mail addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake e-mail that appears to be from ICICI Bank Limited, New York Branch, it does not mean that your e-mail address, name, or any other information has been taken from our systems.

How The Fraudsters Operate?

• Fraudsters send fake e-mails claiming that your information has been compromised, due to which your bank account has been de-activated/suspended, and ask you to hence confirm the authenticity of your information/transactions like credit card number, Personal Identification Number (PIN), passwords or personal information, such as mother's maiden name. In order to prompt a response, such e-mails usually resort to using statements that convey an urgent or threatening condition concerning your account.
• While some e-mails are easy to identify as fraudulent, others may appear to be from a legitimate source. However, you should not rely on the name or address in the "From" field alone, as this can be easily duplicated.
• Very often, such phishing e-mails may contain spelling mistakes. Even the links to the counterfeit websites may contain URLs with spelling mistakes, to take you to a fake website which looks like that of your bank.
• Some fake e-mails promise a prize or gift certificate in exchange for your completing a survey or answering a few questions. In order to collect the alleged prize, you may be asked to provide your personal information.
• Fake e-mails appear to be sent by companies to offer a job. These are often for work-at-home positions that are actually schemes that victimize both the job applicant and other customers. Fake e-mails may direct you to counterfeit websites carefully designed to look real. Hence, such websites may look very similar and familiar to you, but are in fact used to collect personal information for illegal use.
• Such e-mails attempt to convey a sense of urgency or threat. For example: "Your account will be closed or temporarily suspended if you don't respond." Or, "You'll be charged a fee if you don't respond".

Examples Of Phishing E-mails

Tips To Protect Yourself From Phishing

• ICICI Bank Limited New York branch will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, you should not respond.
• Whenever you use a link to access a website, be sure to check for the URL of the website and compare it with the original. We recommend that you type in the URL yourself whenever you access www.icicibankusa.com or bookmark/store the URL in your list of 'Favorites'.
• Delete suspicious e-mails without opening them. If you happen to open them, do not click any link or attachment they may contain.
• If you receive a job offer via e-mail, ensure that its from a genuine and reputed company.

What Is Spoofing?

Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even the code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the padlock icon that appears at the bottom right corner.

How Do The Fraudsters Operate?

Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account-related information. This is done with the intention of obtaining sensitive account- related information like your Internet Banking user ID, password, PIN, credit card / debit card / bank account number, card verification value (CVV) number, etc.

Tips To Protect Yourself From Spoofed Websites

• ICICI Bank Limited, New York Branch will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, please do not respond.
• Check for the padlock icon: There is a de facto standard among web browsers to display a padlock icon somewhere in the window of the browser For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site's security. It is important for you to check to whom this certificate has been issued, because some fraudulent websites may have a padlock icon to imitate the padlock icon of the browser.
• Check the webpage's URL. When browsing the web, the URLs (web page addresses) begin with the letters "http". However, over a secure connection, the address displayed should begin with "https" - note the "s" at the end.

For example: Our home page address is http://www.icicibankusa.com. Here the URL begins with "http" meaning this page is not secure. Click the tab under "Login". The URL now begins with "https", meaning the user name and password typed in will be encrypted before being sent to our server.

What Is Vishing?

ishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

How The Fraudsters Operate?

A typical vishing attack could follow a sequence such as this:

• The fraudster sets up an automatic dialer, which uses a modem to call all the phone numbers in a region.
• When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and that the customer should call the recorded phone number immediately. The phone number is with a caller identifier that makes it appear that they are calling from the financial company they are feigning to represent.
• When the customer calls the number, it is answered by a computer-generated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter his/her 16-digit credit card number on the key-pad. A visher may not have any real information about the customer and would address the customer as 'Sir' and 'Madam' and not by name or the prefix 'Mr....' or 'Ms...'.
• Once a customer enters his/her credit card number, the "visher" has all the information necessary to place fraudulent charges on his/her card. Those responding are also asked for the security number found on the rear of the card.
• The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.

Tips To Protect Yourself From Vishing

• Your bank would have knowledge of some of your personal details. Be suspicious of any caller who appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.
• Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS, especially if it is regarding possible security issues with your credit card or bank account.
• When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify whether the given number actually belongs to the bank.

What Is Skimming?

Skimming is a method used by fraudsters to capture your personal or account information from your credit card. Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the skimmer or an attached computer. Skimming is a tactic used predominantly to perpetrate credit-card fraud - but it is also a tactic that is gaining in popularity among identity thieves.

How The Fraudsters Operate?

• At ATM machines
  Fraudsters insert a skimming device to the ATM's card slot. This device scans the card and stores its associated information. While a customer keys in his PIN, the wireless skimming device transfers the data to the fraudsters. This information is then used by the fraudsters for online shopping or to make counterfeit credit cards.
• At Restaurants / Shopping Outlets
  At restaurants and shopping outlets, the credit card is swiped twice, once for the regular transaction and the other in the skimmer that captures the personal information which is retrieved later by the fraudsters.

Tips To Protect Yourself From Skimming

• Sign on the reverse of your credit card as soon as you receive it.
• Collect your receipts / charge slips at ATMs, restaurants and shopping outlets.
• Use your card with merchants whom you know and can trust. Never allow a shopkeeper to take your card to a different shop/room for swiping.

What is a Money Mule?

Once the fraudster has captured personal information using any of the ways indicated above, he needs an account to which he can transfer funds from the compromised account. This is where a "Money Mule" comes into picture. A Money Mule is an unwitting participant in the fraud who is recruited by fraudsters to launder stolen money across the globe.

How The Fraudsters Operate?

• Fraudsters contact prospective victims (money mules) with job vacancy ads via spam e-mail, Internet chat rooms or job search web sites. Jobs are usually advertised as financial management work, and ads suggest that no special knowledge is required.
• The crime rings persuade the victim to come and work for their fake company. Some fraudsters even ask mules to sign official-looking contracts of employment.
• Once recruited, money mules receive funds into their accounts. These funds are stolen from other accounts that have been compromised.
• Mules then are asked to take these funds out of their accounts and forward them overseas (minus a commission payment), typically using a wire transfer service.
• As the account of the mule has been involved in the transaction, the mule also becomes an unwitting participant in the frauds.

Tips on how you can avoid getting involved in a money mule scam.

• Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. Be especially wary of offers from people or companies overseas as is harder for you to find out if they really are who they say they are.
• Money mule adverts or offers can take a variety of different forms and they may even copy a genuine company's web site and register a similar web address to add authenticity to the scam.
• These adverts will normally state that they are an overseas company seeking "representatives" or "agents" to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes.
• The advert may be written in poor English with grammatical and spelling mistakes and they may urge you not to inform the bank or the police about the reason for making the payments. The adverts may seek people with accounts at certain banks, or Internet payment systems.
• Take steps to verify any company which makes you a job offer and check whether their contact details (address, phone number, e-mail address and web site) are correct and whether they are registered.