preventions (2)

8/12/2019 Preventions (2)

1/23


2/23

spread it on the net. This can compromise thesecurityof your

computer and allow hackers to access your internet bank

account for carrying out unauthorized and criminal transactions.

Also install updated versions of the operating system you are

using. You can also install firewalls, which can protect your

computer from crackers by creating a barrier between your

computer and the internet or network.

Checking your bank statements regularly will help you detect anytransaction that has taken place without your knowledge. Any

unknown transaction can indicate that someone might have

access to your internet bank account. You need to be more

vigilant while accessing the Internet from someonescomputer or

from an Internet cafe.

While banking through the Internet, make sure that the banking

session is secure. You will often get indicators like presence of'https: //' in the URL. Sometimes, a digital certificate can be

viewed if you click on a certain key displayed in the window. In

addition, always remember to completely log off, after completing

the banking session. If you do not log off properly, the banking

session may not be closed, which can enable the crackers to

acquire details about your internet banking.

Nowadays, the banking institutions have come up with a number

of safety measures for ensuring secure internet banking.

Therefore, before conducting any financial transaction with

banks through the Internet, you can evaluate these security

measures. Always beware of those mails that extend some

lucrative offers for making easy money. Do not disclose any

private information, especially related to your internet banking,

unless you are sure about the authenticity of such organizations.

So, following some simple and easy precautionary measures, you
http://www.buzzle.com/articles/computer-security/http://www.buzzle.com/articles/computer-security/http://www.buzzle.com/articles/computer-security/http://www.buzzle.com/articles/computer-security/


3/23

can ward off the threat posed by vicious crackers to the security

of your internet bank account.

Tips for Use When Banking Through the Internet

1.Avoid accessing your Internet Banking account from a cybercafe or a shared computer. However, if you happen to do sochange your passwords from your own computer.

2.Every time you complete your online banking session, log offfrom your bank site. Do not just close your browser.

3.To access Bank's Internet Banking site, always type in thecorrect URL into your browser window. Never click a link

that offers to take you to our website.4.If your log-in IDs or passwords appear automatically on thesign-in page of a secure website, you should disable theAuto Complete function to increase the security of yourinformation.

5.Change your Internet Banking passwords (both log-inpassword and transaction password) after your first log-in,and thereafter regularly (at least once in a month).

6.Your password should be complex and difficult for others toguess. Use letters, numbers and special characters [such as!,@, #,$, %, ^, &,* (, )] in your passwords.

7.For additional security to financial transactions throughInternet Banking, create and maintain different passwordsfor log-in and for transactions.

8.If you have more than one Internet Banking user ID, use adifferent password for each of the user IDs. You may alsoview all your accounts with ICICI Bank under a single userID by linking your various accounts to your preferredInternet Banking user ID.

9.Never share your Internet Banking passwords with others,even family members. Do not reveal them to anybody, noteven to an ICICI Bank employee.

10. Always check the last log-in to your Internet Bankingaccount. Log in to ICICIBank.com and see the left hand sideof the My Accounts page to view the date and time of yourlast log-in.


4/23

Use Internet Banking to Minimise the Risk of offline Fraud

1.Utilise paperless options. Restrict receipt of paperstatements by subscribing to e-mailed bank account

statements, credit card statements and demat accountstatements.2.Monitor your account activity regularly by checking your

balances and statements online through ICICIBank.com.This helps you to detect fraudulent transactions, if any,quickly. The earlier a fraud is detected, the lesser will be itsfinancial impact.

3.Restrict the use of cheques. Transfer funds online betweenyour ICICI Bank accounts or send money to other ICICI

Bank and non-ICICI Bank customers throughICICIBank.com.4.Receive and pay bills online for free with Bill Pay at

ICICIBank.com. Fewer the personal documents sentthrough the mail, lesser the chance of fraud.

5.Link and manage all your ICICI Bank relationships online atICICIBank.com.

6.Register forMobile Bankingand receive alerts upon allsignificant transactions in your account. Learn more about

Mobile Banking.
http://www.icicibank.com/Personal-Banking/onlineservice/mobile-banking/register.htmlhttp://www.icicibank.com/Personal-Banking/onlineservice/mobile-banking/register.htmlhttp://www.icicibank.com/Personal-Banking/onlineservice/mobile-banking/register.htmlhttp://www.icicibank.com/Personal-Banking/onlineservice/mobile-banking/register.html


5/23

Internet banking fraud

Internet Banking Fraud is a fraud or theft committed usingonline technology to illegally remove money from a bank accountand/or transfer money to an account in a different bank. Internet

Banking Fraud is a form of identity theft and is usually madepossible through techniques such as phishing.

Now internet banking is widely used to check account details,make purchases, pay bills, transfer funds, print statements etc.Generally, the user identity is the customer identity number and

password is provided to secure transactions

Online fraud occurs when someone poses as a legitimate

company (that may or may not be in order to obtain sensitivepersonal data and illegally conducts transactions on yourexisting accounts. Often called "phishing" or "spoofing", the most

current methods of online fraud are usually through fake emails,Web sites and pop-up windows, or any combination of such

methods.


6/23

Most internet banking fraud occurs in a two-step process. First,the offender must get their hands on the customer's account

information, like their username and password. Second, theoffender will use that information to move his victim's money to

another account or withdraw it to make fraudulent purchases.For the first step, offenders often employ one of the many popularfraud schemes to obtain personal information. Thesefraudschemes

Hi-tech crimeThe information technology is changing very fast. Thenormal investigator does not have the proper backgroundand knowledge. Special investigators have to be createdto carry out the investigations. The FBI of USA have acell, even in latest scenario there has been cells operatingin the Maharashtra police department to counter cybercrimes C.B.I also have been asked to create special teamfor fighting cyber crimes.

International crimeA computer crime may be committed in one country andthe result can be in another country. There has been lotof jurisdictional problem a though the Interpol does helpbut it too has certain limitations. The different treatiesand conventions have created obstructions in relation totracking of cyber criminals hiding or operation in othernations

No crime -scene:The computer satellite computer link can be placed orlocated anywhere. The usual crime scene is the cyberspace. The terminal may be anywhere and the criminalneed not indicate the place. The only evidence a criminalleaves behind is the loss to the crime.
http://www.spamlaws.com/fraud.htmlhttp://www.spamlaws.com/fraud.html


7/23

Faceless crime:The major advantage criminal has in instituting acomputer crime is that there is no personal exposure, no

written documents, no signatures, no fingerprints orvoice recognition. The criminal is truly and in strict sensefaceless.

There are certain spy softwares which is utilized to find outpasswords and other vital entry information to a computersystem. The entry is gained through a spam or bulk mail.

The existing enacted laws of India are not at all adequate tocounter cyber crimes. The Indian Penal code, evidence act, andcriminal procedure code has no clue about computers whenthey were codified. It is highly required to frame and enactlaws which would deal with those subjects which are new tothe country specially cyber law; Intellectual property right etc.

The main objective of both offline as well as online fraud is tosteal your 'identity'. This phenomenon is commonly known as

"identity theft".Identity theft occurs when someone illegally

obtains your personal information - such as your credit cardnumber, bank account number, or other identification and uses

it repeatedly to open new accounts or to initiate transactions inyour name.

Identity theft can happen even to those who do not shop,communicate, or transact online. A majority of identity theftoccurs offline. Stealing wallets and purses, intercepting or

rerouting your mail, and rummaging through your trash aresome of the common tactics that thieves can use to obtain

personal information. The more you are aware about identitytheft the better prepared you will be.


8/23

Types of Fraud

Banking through E-mail

When any process of internet banking is carried through e-mailsit is called as Banking through e-mail. In this process bank sende-mail about the transaction details of the account holderexample: transfer of money, cheque deposited, dividend received,interest paid, account balance etc.

E-mail Safety Tips

Bank will never send e-mails that ask for confidential information. Ifyou receive an e-mail requesting your Internet Banking details likeyour PIN, password, account number, you should not respond.

Delete suspicious e-mails without opening them. If you happen toopen them, do not click any link or attachment they may contain.

Phishing

What Is Phishing?

Phishing is an attempt by fraudsters to 'fish' for your bankingdetails. A phishing attempt usually is in the form of an e-mail thatappears to be from your bank. The e-mail usually encourages you toclick a link in it that takes you to a fraudulent log-on page designedto capture your details. E-mail addresses can be obtained frompublicly available sources or through randomly generated lists.

Therefore, if you receive a fake e-mail that appears to be from Bank,it does not mean that your e-mail address, name, or any otherinformation has been taken from our systems


9/23

How Phishing Scams Work

You receive an unsolicited email that informs you of the

following:

Update to personal information is required Contest won Client cards or accounts have been suspended Application for products approved Account has expired Some other false premiseFrom there, you are asked to open an attachment/link, or to -reply to a phony email address. If an external link/attachment isused, the user is taken to a malicious site that requestsconfidential personal information (e.g., Bank Card Numbers/UserID, Account Numbers, PINs, Credit Card Numbers, SocialInsurance Numbers, and/or Passwords).

Protect yourself from Phishing emails

No legitimate company will ever ask you to supply sensitiveinformation via email. Nor will they send you an unsolicited emailasking you to login through a link or attachment.

A phishing email can be:

Designed to mimic the look and feel of a genuine company. Poorly written English or gibberish text. Sent through unsolicited emails, containing links or

attachments. The web address will often have the @ symbol or a numeric

address (e.g., 123.456.1.2). The address may also include theword, phrase or text bmo to make it appear authentic.

The "reply-to" field has a completely unrelated addresscompared to the "from" field.


10/23

Spoofing

What Is Spoofing?

Website spoofing is the act of creating a website, as a hoax, withthe intention of performing fraud. To make spoof sites seemlegitimate, phishers use the names, logos, graphics and evencode of the actual website. They can even fake the URL thatappears in the address field at the top of your browser windowand the Padlock icon that appears at the bottom right corner.

How The Fraudsters Operate?

Fraudsters send e-mails with a link to a spoofed website askingyou to update or confirm account related information. This isdone with the intention of obtaining sensitive account relatedinformation like your Internet Banking User ID, Password, PIN,credit card / debit card / bank account number, card verificationvalue (CVV) number, etc.

Tips To Protect Yourself from Spoofed Websites

1 .ICICI Bank will never send e-mails that ask for confidentialinformation. If you receive an e-mail requesting your InternetBanking security details like PIN, password or account number,you should not respond.

2 .Check for the Padlock icon: There is a de facto standard amongweb browsers to display a Padlock icon somewhere in thewindow of the browser For example, Microsoft Internet Explorerdisplays the lock icon at the bottom right of the browserwindow. Click (or double-click) on it in your web browser to seedetails of the site'ssecurity.


11/23

It is important for you to check to whom this certificate has

been issued, because some fraudulent websites may have apadlock icon to imitate the Padlock icon of the browser.

3Check the webpages URL. When browsing the web, the URLs(web page addresses) begin with the letters "http". However, overa secure connection, the address displayed should begin with"https" - note the "s" at the end.For example: Our home page address ishttp://www.icicibank.com. Here the URL begins with "http"

meaning this page is not secure. Click the tab under "Login".The URL now begins with "https, meaning the user name andpassword typed in will be encrypted before being sent to ourserver.


12/23

Sample Spoofed Site

GenuineSite


13/23


14/23

Vishing

What Is Vishing?Vishing is a combination of Voice and Phishing that uses Voice

over Internet Protocol (VoIP) technology wherein fraudstersfeigning to represent real companies such as banks attempt totrick unsuspecting customers into providing their personal andfinancial details over the phone.

How The Fraudsters Operate?A typical vishing attack could follow a sequence such as this:

The fraudster sets up an automatic dialler which uses a modem tocall all the phone numbers in a region.

When the phone is answered, an automated recording is played toalert the customer that his/her credit card has had illegal activityand that the customer should call the recorded phone numberimmediately. The phone number is with a caller identifier thatmakes it appear that they are calling from the financial companythey are feigning to represent.

When the customer calls the number, it is answered by a computer-generated voice that tells the customer they have reached 'account

verification' and instructs the consumer to enter his/her 16-digitcredit card number on the key-pad. A visher may not have any realinformation about the customer and would address the customer as'Sir' and 'Madam' and not by name or the prefix 'Mr....' or 'Ms...'.

Once a customer enters his/her credit card number, the "visher"has all of the information necessary to place fraudulent charges onhis/her card. Those responding are also asked for the securitynumber found on the rear of the card.

The call can then be used to obtain additional details such assecurity PIN, expiry date, date of birth, bank account number, etc.


15/23

Tips To Protect Yourself from Vishing

Your bank would have knowledge of some of your personal details.Be suspicious of any caller who appears to be ignorant of basic

personal details like first and last name (although it is unsafe to relyon this alone as a sign that the call is legitimate). If you receive sucha call, report it to your bank.

Do not call and leave any personal or account details on anytelephone system that you are directed to by a telephone message orfrom a telephone number provided in a phone message, an e-mail oran SMS especially if it is regarding possible security issues withyour credit card or bank account.

When a telephone number is given, you should first call the phonenumber on the back of your credit card or on your bank statementto verify whether the given number actually belongs to the bank

Counterfeit Web sites

Online thieves often direct you to fraudulent Web sites via email and

pop-up windows and try to collect your personal information. One wayto detect a phony Web site is to consider how you arrived there.Generally, you may have been directed by a link in a fake emailrequesting your account information. However, if you type, or cut andpaste, the URL into a new Web browser window and it does not takeyou to a legitimate Web site, or you get an error message, it wasprobably just a cover for a fake Web site

Nigerian 4-1-9 Scam

This scam is often referred to ironically as the 4-1-9 scam after section4-1-9 of the Nigerian Penal Code, which relates to fraudulent schemes.The scam starts with bulk mailing/e-mailing of offers asking therecipients to enter into a business or to extend help in getting moneytransferred in return for huge commission.


16/23

The most common forms of these fradulent business proposalsare:

Offer of disbursement of money from wills

Contract fraud (purchase of goods or services)

Ask you for sensitive information:Fake emails claim that your information has been compromised due towhich your account has been de-activated/suspended, and hence askyou to confirm the authenticity of your information/ transactions.

Appear to be from a legitimate source:While some emails are easy to identify as fraudulent, others may appear

to be from a legitimate source. However, you should not rely on the nameor address in the "From" field alone, as this can be easily duplicated.

Contain spelling mistakes :Very often, such 'phishing'mails may contain several spelling mistakes

and even the links to the counterfeit websites may contain a url withspelling mistakes in order to take you to a website which looks like thatof your bank but is not. Whenever you use a link to access a website, besure to check for the url of the website and compare it with the original.It is recommended that you type the url yourself whenever you accessbank sites.

Contain prizes or other offers:Some fake emails promise a prize or gift certificate in exchange forcompleting a survey or answering a few questions. In order to collect thealleged prize, you may be asked to provide your personal information.

Contain fraudulent job offers:Some fake emails appear to be sent by companies to offer you a job.These are often work-at-home positions which are actually schemes thatvictimize both the job applicant and other customers. Be sure to confirmthat the job offer is from a genuine and reputed company.

Link to counterfeit Web sites :Fake emails may direct you to counterfeit Web sites carefully designed tolook real. Hence such websites may look very similar and familiar to you,

but are actually used to collect personal information for illegal use.
http://www.icicibank.com/online-safe-banking/glossary.html#phishinghttp://www.icicibank.com/online-safe-banking/glossary.html#phishinghttp://www.icicibank.com/online-safe-banking/glossary.html#phishinghttp://www.icicibank.com/online-safe-banking/glossary.html#phishing


17/23


18/23

Below are some tips for recognizing whether you have possiblybeen a victim of fraud:

If you did not receive an expected bill or statement by mail.

If unexpected charges occur on your account.

If there are charges on your account from unrecognized vendors.

If the cheque leaves in your cheque book appear out of sequence.

If you get collection calls regarding merchandise or services that you didnot buy.

Use Internet banking to minimize the risk of Fraud:

Utilize paperless options and limit receipt of paper statements bysubscribing for bank, credit card and demat account statements byemail.

Monitor your account activity regularly by checking your balances andstatements online through This helps you to quickly detect anyfraudulent transactions. The earlier a fraud is detected, the smaller willbe its financial impact.

Limit the use of cheques, transfer funds online between your Bankaccounts, or send money to other Bank and Non- Bank customersthrough bank sites.

Receive and pay bills online for Free with Bill Pay on bank sites. Thefewer personal documents sent through the mail, the less chance there isfor possible fraud.

Linking and manage all your Bank relationships online on Bank sites.

Receive email or sms alerts upon significant transactions in your account.


19/23

Protect yourself against online fraud:

With a few simple steps, you can help protect your account andpersonal information from fake emails and web sites:

Delete suspicious emails without opening them. If you do open asuspicious email, do not Do not open or respond to onlinesolicitations for personal information.

Do not open any attachments or click on any links it maycontain.

Never provide sensitive account or personal information inresponse to an email.

Make photocopies of all the information you carrydaily and store them in a secure location like asafe deposit locker.

Shred financial or personal documents beforediscarding. Most fraud and identity theft incidences

happen as a result of mail theft.

Whenever you or your family are away from home,get the incoming post collected by a trustedacquaintance and if you are going to be away for alonger period, arrange to get your mails diverted toan alternate address. Do not leave your incomingpost lying around in your absence.


20/23

1.Never provide sensitive account like PIN, password, accountinformation or personal information in response to an e-mail. If you have entered personal information.

Install And Update Anti-Virus Software

Always protect your computer by using up-to-dateanti-virus softwarethat is capable of scanning files and e-mailmessages forviruses.This will prevent your files gettingcorrupted or lost and also prevent your computer fromgetting infected with the virus.

Anti-virus software protects you fromTrojanhorses. Trojanhorses are sent to computer systems typically through e-mail. They are particularly dangerous because they have the

potential to allow others to gain control of your computersystem remotely, without your knowledge or consent. Theseprograms can capture and send sensitive information storedon your hard drive to any other person who has gainedremote access to your computer.

Use a Personal Firewall

Any computer or device connected to the Internet that is not

properly protected is vulnerable to a variety of maliciousInternet intrusions and attacks. This applies to all users ofcable modems, digital subscribe lines (DSL) and dial-uplines. However, cable modem and DSL users are particularlyvulnerable because both connection methods provide"always-on" connection capability. The likelihood of amalicious person entering your computer increasessignificantly the longer your computer is on and isconnected to the Internet.
http://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.html


21/23

A personalfirewallwill help protect you from intrusion.Firewalls create a barrier between your computer and therest of the Internet. A firewall can be ahardwaredevice,asoftwareapplication or a combination of the two. Firewalls

can prevent malicious attacks and block certain types ofdata from entering your computer or private network. Theycan also be set up to alert you if anyone tries to access yoursystem.

Keep Your Browser and Operating System Up-To-DateWith Software updates

the software you use and the Internet itself can impact the

security of your online activities. Therefore, you shouldwatch for security bulletins that warn you of varioussecurity "holes" or "bugs" that may impact the software andweb browser you are using. It is very important to check thewebsites of your operating systemand web-browser vendorsfor software "patches" and "updates". Some operatingsystems and software can be configured to automaticallycheck for new updates.

Activate a Pop-Up Blocker

several free, publicly available programs exist that will blockall pop-upwindows from occurring while you are online.You can download such programs from the Internet.

Scan Your Computer For Spyware Regularly.

Spywareand adware are programs that monitor your

Internet activity and potentially relay information to adisreputable source. Free spyware-removal programs areavailable on the Internet.
http://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.htmlhttp://www.icicibank.com/online-safe-banking/glossary.html


22/23

When You Are Not Using Your Computer, Shut It Down OrDisconnect It From The Internet.

Do not leave your computer unattended for a long time. When

not in use, disconnect from the Internet or shut it down.

How The Fraudsters Operate?

Fraudsters send fake e-mails claiming that your information hasbeen compromised, due to which your bank account has been de-activated/suspended, and ask you to hence confirm the authenticityof your information/transactions like credit card number, personalidentification number (PIN), passwords or personal information,

such as mother's maiden name. In order to prompt a response,such e-mails usually resort to using statements that convey anurgent or threatening condition concerning your account.

While some e-mails are easy to identify as fraudulent, others mayappear to be from a legitimate source. However, you should not relyon the name or address in the From field alone, as this can beeasily duplicated.

Very often, such phishing e-mails may contain spelling mistakes.Even the links to the counterfeit websites may contain URLs withspelling mistakes, to take you to a fake website which looks like thatof your bank.

Some fake e-mails promise a prize or gift certificate in exchange foryour completing a survey or answering a few questions. In order tocollect the alleged prize, you may be asked to provide your personalinformation.

Fake e-mails appear to be sent by companies to offer a job. Theseare often for work-at-home positions that are actually schemes thatvictimize both the job applicant and other customers.


23/23

Fake e-mails may direct you to counterfeit websites carefullydesigned to look real. Hence such websites may look very similar

and familiar to you, but are in fact used to collect personalinformation for illegal use.

Such e-mails attempt to convey a sense of urgency or threat.Example: Your account will be closed or temporarily suspended ifyou don't respond.Or, You'll be charged a fee if you don't respond.

preventions (2)

Documents