Wibbly Stuff

Beware of Spam Attacks!

As the internet gets more popular day by day, spam attacks have become widespread. Spammers use different tricks to learn your personal information, such as your ATM PIN! I'm writing this because today I got such a mail.

Dear Bank of India member,

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons.

We now need you to re-confirm your account information to us.

If this is not completed by February 19, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

 

To confirm your Bank of India Online Banking records click on the following link:
http://www.bankofindia.com/web/internetbank.aspx


Thank you for your patience in this matter,
Bank of India Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.


I was confused because it was from Bank of India and I had no Bank of India account.
So I took a look at the source code of the email and found this:

To confirm your Bank of India Online Banking records click on the following link:

<A href="http://c-76-107-91-26.hsd1.ms.comcast.net/ind.html"><U>http://www.bankofindia.com/web/internetbank.aspx</U></A>


No real bank will give you a link hidden behind the label of a different link. And the link that is shown does not even exist. So I went a step further. I went to the real Bank of India site and started the internet banking demo. It looked like the following.



Perhaps it is worth mentioning that Internet Banking with Bank of India is only possible in Internet Explorer and I was using Firefox on Linux.
Then I went to the spammer's link and it looked like the following.


Then I gave the username satya256 and the password 321654 (no such account exists) and clicked log in. The following page appeared.


It was asking me to update my profile, and there is a PIN code field in the form!
It is easy for a noob to fall into the trap. Then, when I gave fake info and clicked submit, it redirected to the official history page http://bankofindia.com/history.aspx.

Thanks to Gmail's spam filter. I strongly recommend that you check the source code and confirm all details before proceeding in such matters.