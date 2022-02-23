Listen to this article Your browser doesn’t support HTML5 audio

The State Bank of India (SBI) has cautioned its customers to protect themselves from phishing. The bank has listed detailed phishing prevention guidelines. Phishing is a general term for e-mails, text messages as well as websites fabricated and sent by criminals to customers. They are designed in such a way that looks like they have come from well-known and trusted businesses, financial institutions and government agencies, with an ill-intent to collect personal, financial and sensitive information. To report a suspicious email that uses SBI’s name, you can write to report.phishing@sbi.co.in. {{^adFree}} {{/adFree}}

The State Bank of India (SBI) has cautioned its customers to protect themselves from phishing. The bank has listed detailed phishing prevention guidelines. Phishing is a general term for e-mails, text messages as well as websites fabricated and sent by criminals to customers. They are designed in such a way that looks like they have come from well-known and trusted businesses, financial institutions and government agencies, with an ill-intent to collect personal, financial and sensitive information. To report a suspicious email that uses SBI’s name, you can write to report.phishing@sbi.co.in.

Methodologies in a 'Phishing' attack Subscribe to Continue Reading Start 15 Days Free Trial

Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials.

Customer receives a fraudulent e-mail seemingly from a legitimate Internet address.

The email invites the customer to click on a hyperlink provided in the mail.

Click on the hyperlink directs the customer to a fake website that looks similar to a genuine site.

Usually, the email will either promise a reward for compliance or warn of an impending penalty on a non-compliance.

The customer is asked to update his personal information, such as passwords and credit card and bank account numbers etc.

The customer provides personal details in good faith. Clicks on 'submit' button.

He gets an error page.

Customer falls prey to the phishing attempt Best practices to avoid Phishing attacks - Do's and don'ts in sharing of personal information {{^adFree}} {{/adFree}}

Don'ts

Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'Phish'.

Do not provide any information on a page which might have come up as a pop-up window.

Never disclose via text message any personal information, including account numbers, passwords, or any combination of sensitive information that could be used fraudulently.

Never provide your password over the phone or in response to an unsolicited request over e-mail.

Always remember that information like password, PIN, TIN, etc. are strictly confidential and are not known even to employees/service personnel of the Bank. You should therefore, never divulge such information even if asked for. Do's:

Always logon to a site by typing the proper URL in the address bar.

Give your user id and password only at the authenticated login page.

Before providing your user id and password please ensure that the URL of the login page starts with the text ‘https://’ and is not ‘http:// ‘.The 's' stands for 'secured' and indicates that the Web page uses encryption.

Please also look for the lock sign at the right bottom of the browser and the Verisign certificate.

Provide your personal details over the phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you.

Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs.

Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

Please remember that the bank would never ask you to verify your account information through an e-mail.

As a general rule, be suspicious when receiving any unsolicited incoming communication/phone call asking your personal or financial information or asking to update them on a site. Contact your Bank directly through official channels available to verify the authenticity of those calls. {{^adFree}} {{/adFree}}

Topics SBI