Posted on 20 January 2011 by admin
IMPORTANT SECURITY TIPS FOR SAFE ONLINE BANKING
1. Access your bank website only by typing the URL in the address bar of your browser.
2. Do not click on any links in any e-mail message to access the site.
3. The Bank never sends e-mails or embedded links asking you to update or verify personal, confidential or security details. NEVER RESPOND to such e-mails/phone calls/SMS if you receive them.
4. Do not be lured if you receive an e-mail/SMS/phone call promising a reward for providing your personal information or for updating your account details in the bank site.
5. Having the following will improve your internet security:
   1. A newer version of the operating system with the latest security patches.
   2. The latest version of your browser (IE 7.0 and above, Mozilla Firefox 3.1 and above, Opera 9.5 and above, Safari 3.5 and above, Google Chrome, etc.).
   3. Firewall is enabled.
   4. Antivirus signatures applied.
6. Scan your computer regularly with Antivirus to ensure that the system is Virus/Trojan free.
7. Change your Internet Banking password at periodic intervals.
8. Always check the last log-in date and time in the post login page.
9. Avoid accessing Internet banking accounts from cyber cafes or shared PCs.
Please ensure the following before logging in for Online Banking Transactions:
* URL address on the address bar of your internet browser begins with “https”; the letter ‘s’ at the end of “https” means ‘secured’.
* Look for the padlock symbol either in the address bar or the status bar (mostly in the address bar) but not within the web page display area. Verify the security certificate by clicking on the padlock.
* The address bar has turned green, indicating that the site is secured with an SSL Certificate that meets the Extended Validation Standard. (Available in IE 7.0 and above, Mozilla Firefox 3.1 and above, Opera 9.5 and above, Safari 3.5 and above, Google Chrome.)
* Do not enter login or other sensitive information in any pop up window.
* Normally a Bank/Banking Institution will never send you an e-mail asking you to submit personal or financial information such as your username, password, PIN number or credit card number.
* Any e-mail which asks for such information is fraudulent and should be deleted immediately.
* Do not be lured if you receive an e-mail promising you a reward for providing your personal information, and do not be afraid if the e-mail warns of an impending penalty for non-compliance.
* Any attempt to steal personal information by sending fraudulent e-mails is technically known as ‘Phishing’.
Posted on 20 January 2011 by admin
‘Phishing’ attacks: the do’s and don’ts in the context of Internet banking.
Methodologies:
* Phishing attacks use both social engineering and technical subterfuge to steal customers’ personal identity data and financial account credentials.
* Customer receives a fraudulent e-mail seemingly from a legitimate Internet address.
* The email invites the customer to click on a hyperlink provided in the mail.
* Clicking on the hyperlink directs the customer to a fake web site that looks similar to the genuine site.
* Usually the e-mail will either promise a reward for compliance or warn of an impending penalty for non-compliance.
* Customer is asked to update his personal information, such as passwords, credit card numbers and bank account numbers.
* Customer provides personal details in good faith and clicks on the ‘submit’ button.
* He gets an error page.
* Customer falls prey to the phishing attempt.
Don’ts:
1. Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to ‘Phish’.
2. Do not provide any information on a page which might have come up as a pop-up window.
3. Never provide your password over the phone or in response to an unsolicited request over e-mail.
4. Always remember that information like password, PIN, TIN, etc. is strictly confidential and is not known even to employees/service personnel of the Bank. You should, therefore, never divulge such information even if asked for.
Do’s:
1. Always log on to a site by typing the proper URL in the address bar.
2. Give your user id and password only at the authenticated login page.
3. Before providing your user id and password please ensure that the URL of the login page starts with the text ‘https://’ and is not ‘http://’. The ‘s’ stands for ‘secured’ and indicates that the Web page uses encryption.
4. Please also look for the lock sign (lock icon) at the right bottom of the browser and the VeriSign certificate.
5. Provide your personal details over phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you.
6. Please remember that the bank would never ask you to verify your account information through an e-mail.
What to do if you have accidentally revealed password/PIN/TIN etc:
1. If you feel that you have been phished or you have provided your personal information at a place you should not have, please carry out the following immediately as a damage mitigation measure:
* Change your password immediately.
* Report to the bank by clicking on the ‘Report Phishing’ link.
* Check your account statement and ensure that it is correct in every respect.
* Report any erroneous entries to the bank.
* Use the other compensatory controls provided by the bank, like setting the limits for demand draft and trusted third parties to zero, enabling high security, etc., to minimize the risk.