Tag Archives: phishing

HDFC Alerts (R) Account Attempt Error User Login

Posted on by

I recently got this mail. It turned out to be fake but it almost caught be unguarded. This is the contents of the mail.

 

Dear Esteemed Customer,

Your Account has been flagged for Security issues within the last 24 hours. You are hereby mandated to confirm with our customer care your Online Login Information to quickly access this error. To ensure Smooth Banking Operation, You are also informed to correctly fill in your Secure Online Questions and Answers which you had already updated with our Bank upon your Registration.

Please click the link below to verify your account with us.


Click Here To Resolve The Issue

This Notice is strictly for Third Party Account Holders Only.

Thank You
Customers Service

Please endeavour To Open the Your Account Update Link using Internet Explorer 5.5 or Above .

Thank you for using HDFC Bank Ltd !
Copyright© 2010 – HDFC Bank Ltd. All rights reserved.

Information on protecting yourself from fraud, please review the Security Tips in our Security Center.

This is actually a form of phishing.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Quoted from Wikipedia.

There were four things which saved me.

1. The mail went to spam section. Credit goes to Google mail(Gmail) for this because unlike Yahoo mail it doesn’t put useful mails into spam. So I trusted Google mail to do its job.

2. On checking the sender email id, I realized it was from commercial Internet domain name (.com) instead of it being .net. All the mails from HDFC bank comes on domain ending with .net. This mail was from “customercare@hdfcbank.com” instead of net“.

3. Importantly I had never received this message despite trying to logging in with wrong passwords, Accidentally of course.

4. The most important point, the URL didn’t work. It was brought down for performing illegal action.

The fourth point also meant I could not see the html file, which also meant the end of the investigation. May be it’s a good thing that I don’t use Windows OS and there is no risk of using Internet Explorer, since the mail requested me to use IE. Somehow using Ubuntu and Macintosh(without Safari) makes me feel a little safer.

If you ever come across such mails be careful, because banks normally don’t ask you to login to Update your Account.

Please make time to go through the link, it contains a list of other spam mails.

Merry Christmas and Happy Holidays!