Sunday, April 18, 2010

Another Phishing Scam - - India's Punjab National Bank Updated Email Address Phishing Scam

Beware! Its a Cyber World - - Summary:

Email, purporting to be from India's Punjab National Bank claims that the recipient's account email address has been updated. It instructs the recipient to fill in an attached form to restore the account if he or she feels that the change was unauthorized.

Another phishing scam ..... the email is not from the Punjab National Bank. Instead it is a phishing scam designed to trick bank customers into handing over their bank login details to Internet scammers.

Following are the contents of mail from cyber criminals:


From: Punjab National Bank
Subject:Your Punjab National Bank e-mail adress was successfuly updated

Dear Punjab National Bank member,

You have added [address removed] as a new email address for your Punjab National Bank account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Punjab National Bank account.

If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely .

Thank you for using Punjab National Bank !
The Punjab National Bank Team

Please do not reply to this email.
This mailbox is not monitored and you will not receive a response.


Copyright © 2010 Punjab National Bank. All rights reserved.


Beware! Its a Cyber World - - Explanation:

This email, which purports to be from large Indian financial institution the Punjab National Bank (PNB), claims that the email address associated with the recipient's bank account has been updated. According to the message, the recipient should fill in and submit an attached form in order to restore the account if he or she feels that the email address change was unauthorized.

However, the message is not from the Punjab National Bank and the claim that the recipient's bank account email address has been changed is a lie designed to trick him or her into filling in and submitting an attached form.

Those who fall for the ruse and click on the attached file will be taken to a web-based form that asks them to submit their bank account user name and password, ostensibly to allow restoration of the account email address. The form has been designed to resemble the genuine PNB login page. Any information submitted on the bogus form will be sent to Internet criminals who can then use it to access the customer's real PNB account, steal funds deposited in the account and conduct other fraudulent activities.

Like other legitimate financial entities, the PNB does not send unsolicited emails asking its customers to provide bank account login details. The bank has published a notice on its website warning customers about such scams. The notice includes the following information:
REMEMBER – PNB will never contact you & ask for your logon details or password or any other personal information over email.

NEVER - follow a link within an email to use PNB’s Internet Banking - PNB will never ask you to login from a link in email. - Never tell password(s) to any body.

BEWARE - of fraudulent websites looking similar to PNB’s Internet Banking website. - of scam e-mails which may contain virus or be linked to a fraudulent website
In an increasingly common tactic, the criminals behind this scam attempt have included the fake web form as an HTML email attachment rather than directing victims to a fake website via links in the message. Opening the email attachment loads the fake form into the user's web browser. If the user then enters the requested details and clicks the "Submit" button, the scammers will receive a copy of all the details provided. Scammers are apparently using HTML attachments rather than links in the hope of avoiding the increasingly sophisticated phishing scam filters that come with modern web browsers and computer security software.

Phishing scammers randomly send out many thousands or even millions of identical scam emails in the hope that at least some of the messages will reach customers of the specific entity they are targeting - in this case the Punjab National Bank. While many or even most of the customers who receive one of the bogus emails will be aware of how phishing scams work and will not be fooled, there is likely to be at least a few more inexperienced users who fall for the ruse and submit their details as requested. It only takes a handful of victims to make the scam a lucrative exercise for the scammers.

Phishing scammers continually target, not only banks, but also many other entities including other financial service providers, email service providers, tax agencies and social networking websites. Internet users should be very cautious of any emails that ask them to click a link or open an attachment and provide their account login username and password and other personal information.

No comments:

Related Posts Plugin for WordPress, Blogger...