Phishing mails are a cause of concern for all including customers, banks and RBI. The central bank has embarked on a slew of measures. Bank too are doing the needful. But be alert! Gone are the days of caveat vendor. It is now caveat emptor!
"Dear valued customer, Reserve Bank of India has launched, a new security system, to get you protected. Click below, choose your bank and get started," reads a mail sent from firstname.lastname@example.org
Indeed, it is a phishing mail. While some of you end up ignoring it sitting in the commercial capital here in Mumbai, the "RBI instruction" will prompt the rest across India to give details. Consequently, they will fall prey to the catch. Your hard-earned money will be swindled marking the beginning of blame-game between you and your bank.
Role of RBI
From time to time, the Reserve Bank of India has made it clear that it never asks personal bank account details. The central bank has of late, embarked on a series of measure to stop this growing menace to fleece bank customers.
"We keep requesting CERT-IN to block the ip addresses from which such mails are sent. But the fraudsters use dynamic ip addresses and therefore blocking of ip addresses is not a very effective way to stop such frauds. Banks have also been asked to post a warning on their websites," a RBI spokesperson replied to a moneycontrol.com query.
Indian Computer Emergency Response Team or CERT-IN is the national nodal agency for responding computer security incidents. Internet Protocol (IP) address is an identifier for a computer on specialized networks.
RBI keeps alerting banks against such frauds. It also issues public notices to create awareness. The regulator is planning to release an advertisement through radio and television as also on email portals.
What are banks doing?
In the wake of current spate of money laundering allegations, banks are now overly cautious in terms of frauds. It is learnt that banks like ICICI Bank, HDFC Bank, Axis Bank, State Bank of India (SBI) are getting frequent RBI queries.
"For our online banking, we have not recorded a single paise fraud transaction since last June," a senior official from SBI told moneycontrol.com.
"We have put some internal safeguards to shield our customers from such frauds. Even if our customers give all details including login ids, passwords and account numbers, fraudsters cannot do anything provided customer mobiles are not lost. For any online transaction, one time password is essential," he said.
One time password is sent to an account holder's mobile number. Unless fraudsters are in hand in gloves with mobile operators, they cannot do much with customers.
Top private sector lenders including ICICI Bank and Axis Bank too responded to moneycontrol.com queries. However, HDFC Bank did not response and remained muted to repeated phone calls.
All banks barring a few are currently running alert campaign in their websites. Besides, they send SMSes, emails and statement inserts to educate customers.
"We run various communication campaigns for customers to educate about and prevent them from the frauds like phishing / vishing, trojan / malware (computer virus) and lottery frauds. The bank's website has a dedicated section on safe banking where it educates customers on different type of safety measures to be taken across all channels and products while transacting," largest private sector lender - ICICI Bank said in an emailed response.
According to Axis Bank, the bank makes all reasonable efforts to prevent customers' monies being embezzled through such frauds. As soon as a customer realizes that s/he may have parted with sensitive information, they should call the customer service of the bank, and get their internet banking privileges suspended or cards blocked.
"Our IT-security department co-ordinates efforts to close down the discovered servers hosting services where phishing sites using the Bank's branding & theme may be operational," the bank said.
One time password before effecting any transaction, cooling period for activation of new beneficiaries registered by a customer through internet banking, a cap on the number of beneficiaries that can be added in a given period, and a cap on money transfers – are some of key measures in general that all major banks ensure.
Onus on you...
Despite all efforts, if a customer's money is embezzled, no bank is ready to own that responsibility and compensate. However, banks would extend every possible support to detect the crime. Phishing mails are sent both within India and across the world.
"Customers are contractually responsible to ensure the confidentiality and safe keeping of their sensitive account details and internet banking credentials and OTPs/Passwords/PINs of their Cards," Axis Bank said.
Gone are the days of caveat vendor. It is now caveat emptor!