Phishing

Security Tips

  • If possible, upgrade the operating system (OS) of your computer promptly. A newer version of the operating system helps make your system more secure.
  • Use the latest version of your browser to connect to the Internet, as newer versions afford a higher level of security.
  • Installing a personal firewall on your computer will provide an added level of security.
  • Installing antivirus software on your computer will reduce the risk of virus attacks. Updating the antivirus software continuously will offer more resistance to newer viruses.
  • You can eliminate the potential risk caused by pop-up windows by removing any spyware or adware installed on your computer, using spyware/adware removal software.
  • Be sure the Web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your browser window and/or the Web address of the page you are viewing will begin with "https://...". The 's' indicates 'secured' and means the Web page uses encryption.
  • Downloads from unfamiliar sources may contain hidden programs or viruses that can compromise your computer's security.
  • When not in use, disconnect your computer system from the Internet to avoid unwanted access to the information on your system.
  • If you are using any sensitive application, such as banking, log out completely and close the browser window.
  • Install a screen saver with password protection.

About Phishing

'Phishing' is a common form of Internet piracy. It is deployed to steal users' personal and confidential information, such as bank account numbers, net banking passwords, social security numbers and personal identity details. The perpetrators may later use the information to transfer money from the victim's account. In the worst case, one could also become the victim of identity theft. A few customers of some other Indian banks were affected by phishing attempts in early 2006.

We would like you to be aware of the methodologies used in a 'Phishing' attack, the do's and don'ts of sharing personal information, and the action to be taken in case you fall prey to a phishing attempt.

Methodologies:

  • Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials.
  • The customer receives a fraudulent e-mail seemingly from a legitimate Internet address.
  • The e-mail invites the customer to click on a hyperlink provided in the mail.
  • Clicking on the hyperlink directs the customer to a fake web site that looks similar to the genuine site.
  • Usually the e-mail will either promise a reward on compliance or warn of an impending penalty on non-compliance.
  • The customer is asked to update his personal information, such as passwords, credit card numbers and bank account numbers.
  • The customer provides personal details in good faith and clicks on the 'submit' button.
  • He gets an error page.
  • The customer falls prey to the phishing attempt.

Do's:

  • Always log on to a site by typing the proper URL in the address bar.
  • Give your user id and password only at the authenticated login page.
  • Before providing your user id and password, please ensure that the URL of the login page starts with the text 'https://' and not 'http://'. The 's' stands for 'secured' and indicates that the Web page uses encryption.
  • Please also look for the lock sign at the bottom right of the browser and the VeriSign certificate.
  • Provide your personal details over phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you. Please remember that the bank would never ask you to verify your account information through an e-mail.

Don'ts:

  • Do not click on any link that has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'Phish'.
  • Do not provide any information on a page which might have come up as a pop-up window.
  • Never provide your password over the phone or in response to an unsolicited request over e-mail.
  • Always remember that information such as your password, PIN, etc. is strictly confidential and is not known even to employees/service personnel of the Bank. You should, therefore, never divulge such information even if asked for it.

What to do if you have accidentally revealed password/PIN/TIN etc:

If you feel that you have been phished or you have provided your personal information at a place you should not have, please carry out the following immediately as a damage mitigation measure.
  • Change your password immediately.
  • Report to the bank by e-mailing admin.gls@sbi.co.in.
  • Check your account statement and ensure that it is correct in every respect. Report any erroneous entries to the bank.

Report Phishing:

Report Phishing at