wood burning stoves*
The moose likes Meaningless Drivel and the fly likes FW: ICICI Bank Duplicate site - be careful - really!!! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Other » Meaningless Drivel
Bookmark "FW: ICICI Bank Duplicate site - be careful - really!!!" Watch "FW: ICICI Bank Duplicate site - be careful - really!!!" New topic
Author

FW: ICICI Bank Duplicate site - be careful - really!!!

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830

Hi All,



An important piece of information.



Sur prising both the sites have secured SSL from Verisign !!!

beware !!



This is one of the worst phishing scam ever seen.
Here are the both the URLs, they are same, except there is a space (%20) at the end of the phishing URL.

The wrong one
https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N%20

Actual ICICI Site
https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N
Please forward this mail to all friends.



Received as a forward.

I think both URL are reliable. Open wrong (fraud) one then click on personal, it opens up the same reliable URL (actual URL).
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41046
    
  43
I seem to be a bit slow in understanding. All URLs are part of the ICICI bank domain - how is this a phishing attempt?

Since you're saying that both URLs seem to be reliable, why are you posting this here?
[ May 22, 2008: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
siva kumar
Ranch Hand

Joined: May 02, 2004
Posts: 120
:roll:
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

I am confused as well.

Both redirected me to the icici website. Or is this meaningless ?


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Without agreeing or dis-agreeing with the validity of reported method as valid issue, I had something occur yesterday which causes me to contemplate Opie's report in light of some other LD-50's


"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Rambo Prasad
Ranch Hand

Joined: Feb 23, 2006
Posts: 628
Few days back I got a email from HDFC bank..Again this is an phising attack...

Contents of mail as below...
Unauthorized NetBanking Access On Your Account


In the last fews weeks, our Online Banking Security team has observed multiple logons on your Internet Banking Account, from different Blacklisted IP's, therefore been blocked, to prevent further unauthorized access for your safety. we have decided to put an extra verification process to ensure your identity and your Internet Banking Account Security.

Click on for your NetBanking Online Access.

http://www.hdfcbank.com/1/2/securityaccess/precaution/internet-banking/

Security Advisory,
HDFC Online Banking

*Important*
Please update your records on or before 48 hours, a failure to update your records will result in a temporary hold on your funds - it's one more way that HDFC makes your online banking experience better..

� 2007 All Rights Reserved


Helping hands are much better than the praying lips
Akhilesh Trivedi
Ranch Hand

Joined: Jun 22, 2005
Posts: 1526
Anti-phishing or anti-ICICI??


Keep Smiling Always — My life is smoother when running silent. -paul
[FAQs] [Certification Guides] [The Linux Documentation Project]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41046
    
  43
Originally posted by Rambo Prasad:
Few days back I got a email from HDFC bank..Again this is an phising attack...

Please help me understand how this is a phishing attack. Are you saying that the domain hdfcbank.com is not owned by HDFC Bank? Or that you're not a customer of the bank?
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

hdfc bank website is perfectly fine. I dont see any phising. The link posted by Mr.Ramboo is not working though,.


Groovy
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

Originally posted by Ulf Dittmer:
I seem to be a bit slow in understanding. All URLs are part of the ICICI bank domain - how is this a phishing attempt?

Since you're saying that both URLs seem to be reliable, why are you posting this here?

[ May 22, 2008: Message edited by: Ulf Dittmer ]


No phishing at all.
Rambo Prasad
Ranch Hand

Joined: Feb 23, 2006
Posts: 628
Please help me understand how this is a phishing attack. Are you saying that the domain hdfcbank.com is not owned by HDFC Bank? Or that you're not a customer of the bank?


I got an email...When I clicked on the link in the email it took me to a fake HDFC bank site with the following url
http://209.40.193.221/~hdfc/www.hdfcbank.com/personal/Welcome%20to%20HDFC%20Bank%20NetBanking.htm

And it prompted me for the Customer Id and and my password..Notice that it is http and not https..Besides the word "Urgent" is usually associated with spam..
But the correct one is https://netbanking.hdfcbank.com/netbanking/

I immediately called up the HDFC customer care and questioned them about the multiple login attempts to my account.They said me that it is a phishing attack and lot of people got duped this way...
[ May 23, 2008: Message edited by: Rambo Prasad ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41046
    
  43

That is indeed phishing. But the URL you posted earlier is genuine.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

Originally posted by Ulf Dittmer:

That is indeed phishing. But the URL you posted earlier is genuine.


yes. I am confused now.
Akhilesh Trivedi
Ranch Hand

Joined: Jun 22, 2005
Posts: 1526
The Gods Must Be Crazy
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

Originally posted by Ulf Dittmer:

That is indeed phishing. But the URL you posted earlier is genuine.


Ah ! Makes more sense now.

Still puzzled about the ICICI though
Rambo Prasad
Ranch Hand

Joined: Feb 23, 2006
Posts: 628
That is indeed phishing. But the URL you posted earlier is genuine.


I mean the URL displayed is genuine but the URL to which it is directed to is the fake...
It is something like this
[A HREF="http://209.40.193.221/~hdfc/www.hdfcbank.com/...>http://www.hdfcbank.com/..[/a]
 
permaculture playing cards
 
subject: FW: ICICI Bank Duplicate site - be careful - really!!!
 
Similar Threads
Total confusion on so many IDs
[India] Home Loan - some doubts
Remember the Beta Exam???????
Passed SCWCD 76 %
Download ExamLab