Safe Net Banking Practices
YES BANK is a participating bank in the Consumer Information Security Awareness Week being organised by the Confederation of Indian Industry (CII) along with Department of Information & Technology and Computer Emergency Response Team-India (CERT-In). For information on this week and how you could participate, please refer to www.getnetsecure.in
Phishing
What is Phishing?
Phishing is a term used to describe the action of e-mail fraudsters who "phish" (fish) for web users' identities. Phishers often use a well-known Bank, online retailer, or a credit card company name. Their objective is to convince consumers to share their Customer ID, Password, PIN number, Debit card number and personal financial information that the phishers then use to commit fraud.
A BANK (OR ANY OTHER LEGITIMATE ORGANISATION) WILL NOT SEND AN E-MAIL MESSAGE TO ITS CUSTOMERS ASKING THEM TO VISIT ANY WEB SITE TO PROVIDE PERSONAL INFORMATION.
Phishing may often lead to Identity Theft – when someone illegally obtains and uses another individual’s personal information to commit fraud or deception for economic gain. Spoof e-mails are distributed just like Spam to anyone whose e-mail address is on the fraudsters' lists, whether they are a user of that particular site or not.
The vast majority of phishing scams consist of a forged e-mail message that links to a forged web page or site. The forged web pages usually contain a form to capture the information that the scammers want to use to commit fraud. The information is often used to conduct fraudulent ATM, debit or credit card transactions and transact using Net banking.
Indications of Phishing
The e-mail message:
- Wording used does not look like a request from a legitimate company.
- May contain slipshod grammar and bad spelling or sentence construction. However, beware; this may not always be true.
- Details requested are not likely to have been compromised in the manner implied and would never be asked for in such an offhand, casual manner.
- Contains a clickable link with text asking you to use the link to validate your personal or financial information. This link will be used to send you to a “spoofed” web-site.
The 'spoofed' web-site:
- Careful inspection may well highlight unreasonable excuses and information requests (i.e., not the usual type of information asked for, it will perhaps be more 'prying' than you would expect).
- Overall, may be of unexpectedly shoddy presentation. Beware; this may not always be true.
- There may be 'weaknesses' in branding, colour variations to logos, and misspelt words.
By being vigilant, you can avoid becoming a victim of these scams.
Avoiding Phishing Attacks
To avoid phishing scams, take the following precautions:
- Treat all e-mail messages with suspicion. What you see in the body of the message can be forged, the sender's address or return address can be forged, and the header can also be manipulated to disguise its true origin.
- Delete the e-mail message immediately.
- Never send any personal or financial information to anyone via e-mail.
- Regularly log into your online accounts – at least once a month.
- Scrutinise your Bank and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact your Bank and all card issuers immediately.
- Set up either email or SMS alerts on your netbanking account for all transactions.
- IMPORTANT RULE: Never use a link in an e-mail message to get to any web page. If you want to go to another web page, type the URL directly into your browser's address bar to ensure that you are reaching the correct web page.
- Always access the net banking webpage via the official YES BANK website www.yesbank.in
- Check the webpage’s URL. When browsing the web, the URL, also referred to as the web page address, begins with the letters “http”. However, over a secure connection, the address displayed should begin with “https” - note the “s” at the end that stands for “secure”.
- Check for the Padlock icon. Microsoft Internet Explorer always displays the lock icon at the bottom right of the browser window for secure webpages. Double-click on it to see details of the site's security.
In case you get an email asking you to enter your personal security details or a member of Bank staff approaches you to disclose your password, please report it to us. You can send an email to fraudreport@yesbank.in


Ensure that you check on the authenticity of the certificate by reviewing details like ‘Issued to’, ‘Issued by’ and ‘Validity’.
What we have done to secure your online experience?
✓ Customer ID and password for access to your net banking account
Access to your net banking account is only possible once you have authenticated yourself using the correct Customer ID and password. It is vital that you do not write down your password or share it with anyone, and that you do not use the same password for your other online accounts.
✓ Two Factor Authentication
At YES BANK we have implemented a second level of authentication for transactions above a certain value. A one-time password will be sent to the customer's mobile phone or PDA for that transaction, thus providing enhanced levels of protection by implementing soft tokens.
✓ Automatic Account lockout
After a given number of unsuccessful attempts to log in to a net banking account, the account is automatically locked out to prevent an unauthorised user from accessing your account by guessing passwords. To re-activate your account, you need to get in touch with a phone banking executive.
✓ Automatic Session Timeout
After a predetermined time of inactivity on a net banking account, the session automatically times out, thus logging the user out of the account. This is done to prevent anyone from misusing your account if you have accidentally forgotten to log out of your net banking account.
In addition, after logging into YES BANK net banking, you cannot use the ‘Back’, ‘Forward’ and ‘Refresh’ buttons of your browser. If you click any of these buttons, your secure session will be logged out automatically. This is done to ensure that no unauthorised entry is made into your net banking account during your absence from your computer system.
✓ All net banking pages viewed by the customer and cookies created on the user's workstation are automatically deleted from the local browser cache on logout to prevent data leakage or session re-creation.
✓ Data Encryption
Secure Sockets Layer (SSL) Encryption is used within your net banking session to encrypt all your personal and account information from the time it is sent from your desktop to the point it reaches our servers in order to ensure no one else can read it.
At YES BANK, we use 128-bit SSL encryption, which is an industry standard. Our SSL digital certificate has been signed and verified by VeriSign.
✓ Implemented a layered approach to securing our network infrastructure that provides maximum security from internet threats and new vulnerabilities.
✓ Real-time monitoring of our network infrastructure to identify new threat vectors in order to protect our customers’ information.
What you need to do to secure your online experience?
✓ Keep your identity secure
Avoid accessing your net banking site from terminals located at cybercafés, public places or libraries. To protect against identity theft, always log on from trusted terminals only.
✓ Password protect your desktop
Always ensure that your desktop or laptop is protected with a password. This ensures that unauthorised users do not have access to your system.
✓ Disable the ‘Auto Complete’ feature in your internet browser
This prevents others from accessing your personal details or automatically accessing your net banking account. Follow these steps to disable it within Internet Explorer:
1. Tools → Internet Options
2. Content → Under Personal Information → click AutoComplete
3. Uncheck AutoComplete for ‘Forms’ and ‘User names and passwords on forms’
4. Click ‘Clear Passwords’ and press OK.
✓ Use strong passwords
Always ensure that you use strong passwords to secure your net banking account. Your passwords should be complex and difficult for others to guess. Use lowercase and uppercase letters and numbers in your passwords. The length of your password must be at least eight characters.
✓ Change passwords regularly to avoid misuse
Do not share your passwords/PINs with anyone, not even your family members. Do not reveal your passwords to a YES BANK employee or customer care executive.
✓ Do not write down passwords or PINs to avoid forgetting them
Say YES to a secure netbanking experience
The rules that customers are required to follow, and that offer the most protection with the least amount of effort, are set out below. By following these rules you will greatly increase your PC's protection, not just when you use our Net Banking services but when you use the internet in general.
✓ Updates and Patches: System vulnerabilities are discovered from time to time and to address these vulnerabilities patches are distributed by vendors. The vulnerabilities are utilized by malicious code writers to exploit systems. To ensure that there are no vulnerabilities on your system please ensure that all the latest patches and updates for the operating system (OS) have been installed. These patches are distributed by the system vendors via the internet and are available for free.
For Microsoft based Windows operating system please visit http://windowsupdates.microsoft.com; the site will automatically scan your system and recommend the required updates and patches.
✓ Anti-virus software: Antivirus software is a term used to describe a computer program that attempts to identify, neutralize or eliminate malicious software. Always ensure that an anti-virus program is installed and running on your desktop. Antivirus software typically uses dictionary techniques to accomplish this by examining (scanning) files to look for known viruses matching definitions in the virus dictionary. To ensure that your anti-virus stays effective, make sure that the virus dictionary (or Definition) files remain updated.
Common commercial anti-virus programs are McAfee, Symantec (Norton), Kaspersky.
✓ Personal Firewall: A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. When installed and configured properly, it stops unauthorised traffic to and from your PC.
There are many effective programs to choose from. Microsoft Windows comes with an inbuilt Windows Firewall (refer to Settings → Control Panel). Common commercial firewall examples include Zone Labs, McAfee and Computer Associates.
✓ Anti-spyware software: Spyware is computer software that is installed stealthily on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. Spyware programs can collect various types of personal information, and can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.
In response to the emergence of spyware, installing anti-spyware software has become vital. Running anti-spyware software has become a widely recognized element of computer security best practices for Microsoft Windows desktop computers.
Anti-spyware security software currently available includes McAfee, Spybot Search and Destroy, Websense’s Spy Sweeper, Spyware Eliminator, Counterspy, Trend Micro’s Hijack this, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.
✓ Password Advisory: Passwords are the key to your online account information. Avoid using the same password for different websites that are important to you. Doing so puts your money at risk should anyone discover this single password. For this reason, you are strongly advised to have a unique password for any services as critical as your Internet banking.
When choosing a suitable password, you might consider the following:
✓ Be different – Avoid using the same password for different services.
✓ Don’t be personal – Do not be tempted to use passwords that can be easily guessed, e.g. children’s names, pets' names, birth dates, and telephone numbers.
✓ Never write them down – We strongly recommend that you never write down or otherwise record your passwords. If, however, you feel that you have no alternative but to do so, you should ensure that you never write down or otherwise record your passwords in a way that can be understood by somebody else.
✓ In any event, you should never disclose your Internet login details anywhere online except at your usual online banking website which should be accessed in the normal way and never via a link in an email.
Please note that these measures by themselves will not ensure hundred percent security, but will be a sound beginning in getting there. For more details on how to ensure a secure internet experience refer the Computer Emergency Response Team –
Money Mules
What is a money mule?
A money mule is a person who transfers money and reships high value goods that have been fraudulently obtained in one country, usually via the internet, to another country, usually where the perpetrator of the fraud lives.
How The Fraudsters Operate?
1. Fraudsters contact prospective victims (money mules) with job vacancy ads via spam e-mail, Internet chat rooms or job search Web sites. Jobs usually are advertised as financial management work, and ads suggest that no special knowledge is required.
2. The crime rings persuade the victim to come and work for their fake company. Some fraudsters even ask mules to sign official-looking contracts of employment.
3. Once recruited, money mules receive funds into their accounts. These funds are stolen from other accounts that have been compromised.
4. Mules then are asked to take these funds out of their accounts and forward them overseas (minus a commission payment), typically using a wire transfer service.
5. As the account of the mule has been involved in the transaction, the mule also becomes an unwitting participant in the frauds.
How you can avoid getting involved in a money mule scam?
1. Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. Be especially wary of offers from people or companies overseas as it is harder for you to find out if they really are who they say they are.
2. Money mule adverts or offers can take a variety of different forms and they may even copy a genuine company's web site and register a similar web address to add authenticity to the scam.
3. These adverts will normally state that they are an overseas company seeking "representatives" or "agents" to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes.
4. The advert may be written in poor English with grammatical and spelling mistakes and they may urge you not to inform the bank or the police about the reason for making the payments. The adverts may seek people with accounts at certain banks, or Internet payment systems.
5. Take steps to verify any company which makes you a job offer and check their contact details (address, phone number, email address and web site) are correct and whether they are registered.
Reporting suspicious emails
If you do receive a suspected money mule email, please forward it to our report-a-scam email address, fraudreport@yesbank.in
Reminder:
✓ Be wary of any unsolicited offers or opportunities for work, especially if the company is based overseas.
✓ Verify the details of any company that you are considering dealing with and never give your bank account details to someone you don't know or trust.
✓ Contact the bank immediately if you think that you may have become involved in a money mule scam.
✓ If you see an opportunity to make some easy money and the offer seems too good to be true, then it probably is.