Lately people have been on the receiving end of seemingly genuine SMSes disguised to be from a legitimate bank.
Modus operandi
The scammer asks the recipient to click on a link and enter their credentials ostensibly to not have their account closed.
For example, in the name of HDFC Bank, scammers have been sending something called a “phishing bank SMS,” in which cyber fraudsters scare people by saying that their bank account has been suspended and asking them to update their KYC)= or PAN card by clicking on the link provided.
With this the criminals gain access to the victims account and steal their money.
Official alert
In cognizance of this, HDFC Bank has alerted its customers that it sends messages from its official IDs, hdfcbk and hdfcbn, with links under http://hdfcbk.io
“Remember, the bank will never ask for PAN details, OTP, UPI, VPA / MPIN, Customer ID & Password, Card No, ATM PIN & CVV. Please do not share your confidential details with anyone,” the bank said.
One of the easier ways to identify a scam message is through its language and grammar. These fraudulent messages usually have flawed grammar and loose language.
Such messages usually contain a direct threat to either suspend or terminate services.
Look close at the URL
Before sharing user id and password, ensure that the URL of the login page starts with ‘https://’ and not ‘https:// ‘.
The ‘s’ denotes ‘secured’ indicating that the Web page uses encryption.
Always look for the lock symbol at the right bottom of the browser along with the Verisign certificate.
Alert the bank of suspicious activity
Another protective measure is to check the sender’s identity before acting on any SMS request, reporting the SMS to the bank manager, and confirming bank alerts with the bank manager.
The public is advised to use two-factor authentication for online banking which means that you have to enter the password and OTP each time you access your account.
The simplest yet the most overlooked rule of thumb- Don’t click unidentifiable links and delete such messages.
Quick tips
- Log out after completion of your online banking session.
- Change your internet banking passwords regularly.
- Never download and install apps from untrusted sources
- Block your card immediately if money is debited without consent
- Avoid paying online on random websites
- Avoid using unsecured, unknown WiFi networks
- Don’t save banking info on your email, untrusted pc/mobile browser/app
- If you suspect a breach has been committed, contact your bank immediately
How to spot an authentic/genuine SMS
Here’s what an authentic HDFC Bank SMS looks like:
- The sender id will have HDFCBK/ HDFCBN in the name.
eg. XX- HDFCBK
- Whatever link is in the text will begin with hdfcbk.io
- Remember: HDFC Bank will never ask for sensitive info like OTP, MPIN or password
Helpline
HDFC Bank customers can contact 1800 202 6161
or
1860 267 6161
These are 24/7 customer care numbers.