Ever received a request in your email in-box from your bank asking you to confirm your Taxpayer Identification Number (TPIN), online banking user ID and password, and date of birth? The sender probably says the bank is in the process of updating its records and providing these details is necessary in case you want to continue a relationship.
The message even has a link you are expected to click on, so that you can get to another window on your computer screen and key in the information.
Stop right there. Don’t even dream about doing anything half as foolish. You can be absolutely sure the message isn’t from your bank, but from a faceless crook in some unknown part of this planet. They call such people “phishers” in cyber lingo. The sender has cleverly copied the look and feel of your bank’s website, and has even disguised the URL so that you don’t spot the difference between the letter “l” (L in lower case) and the numeral 1 in the address bar.
Or the “phisher” may simply have dropped a letter that you wouldn’t normally notice is missing in the course of transacting on the Net. Notice the missing letter “i”, for instance, in www.citbank.com or www.icicbank.com.
It is quite obvious that the sender seeks your financial details so that he can use these to impersonate you and clean out your bank account or make huge purchases on your credit card. By the time you find out you have been cheated, it will be too late.
Worse, the “phisher” could infect your computer with malicious software such as Trojan, which would reside in your system and transfer information about your financial dealings to the sender regularly. So, if you are dealing with another bank, the password and other details relating to that account could be stolen, too.
How do you protect yourself from phishing? For starters, you could simply ignore the sender’s request and delete the mail.
But you would also do well to equip your computer with protective software. Also, try as far as possible not to buy airline tickets or shop online if you are using a cybercafe.
Also, remember that your bank will never ask you to furnish any details about yourself or your relationship with it over email.
Make sure you report the attack to an anti-phishing organization such as the Anti-Phishing Working Group and the cybercrime department of the police.
While phishing is a punishable offence, it is much more difficult to catch the thief in such crimes than it is in others because not only is the offender faceless, the “stolen merchandise” is intangible.