Jagoinvestor

October 14, 2013

Beware of Fake Email Scams asking for password & Critical information – Its a trap !

Some days back one of our readers forwarded an email to me, which he got in the name of SBI Bank and it was about some new scheme or feature launched. All he had to do was login to his account by clicking on the LINK given inside the email. He asked me over the email if this mail was genuine or fake ? You can see the snapshot of the email below.

Fake Email on SBI bank

I looked at the email and instantly sensed that this was some kind of fraud email, just to get hold of the login details of the mail receiver. In this article I want to cover few points which will teach you more about these kind of fake emails and some important points, so that you are not duped in future and are alert.

3 common things you will notice in Fake Emails

There are few common traits of most of the fake fruad emails you will recieve, you should notive these 3 points in those emails.

1. The email id used looks authentic, but it’s NOT

One of the most common trick used in fake emails, is that the email id used by them looks very authentic, but if you enquire a bit about it, you will find out that they are fake and just gives an impression of being authentic. For example , if you get an email from SBI Bank and the email id is “[email protected]”, at first you might get fooled that the email is really form SBI bank, but if you go to google and and search for SBI Bank website, you will come to know that its sbi.co.in or onlinesbi.com, but the email has come from a different place. You should check the website of the fake email id (in this case – sbi-bank.com) and you will come to know that either it does not exist or looking at the website, you will figure out that its Fake.

I can share a real life example of this. My brother faced this fake email some months back. He was searching for a job and he got an email from Larson & Toubro company, that his resume was shortlisted and he has to attend an interview, but he had to give a security deposit of some amount (around Rs 8,000) which he will be refunded back after the interview.

The moment I heard this, I knew this is some fake email, because no company asks anything like that. I asked him to search for larson & toubro website and  it we landed on www.larsentoubro.com/‎ . However the email came from profile@larsentoubroltd.com/‎ (extra ltd word in email), when we went to that website (the fake one) it did’nt exist. When we searched on internet about it, we got so many threads about about it and how they lost money.

Given our country has so much of unemployment, and so many people are looking for jobs, its easy to dupe them and run this kind of rackets. Infact people make millions through these kind of fake emails. Below is the email which my brother got for interview, you can notice how unprofessional the email sounds.

Fake email for Job Offer india

Note – Many times, you will also receive emails coming from the original sites and web-address, but even there is a trick for that, if you use 3rd party email sending software’s, you can fake your email id. You will notive in your email that the mail came “via” another server.

2. The target website link inside the email does not look authentic

A lot of times, inside the fake email you have a link to click, it takes you to some target website and you have to fill some personal details. In reality, the website is a fake one, which looks real visually, but on the backend its a fake one. This is called as PHISHING Trick, which steals your important login details and misuse later. So always make sure that you have all the important links written down or saved as bookmarks in your browsers.

3. The mail asks for PASSWORD or some critical information

If you see all the fake emails, one common thing you will notice is that these emails scare on some point and create some kind of emergency. It can be regarding some new change, new scheme, last date for something, It might say that the server was compromised and they are just asking for proof and things like those.

Always remember that banks or institutions do not ask for these kind of things over email. Passwords are never asked by anyone over email for sure. At times fake emails use name of RBI and Income Tax department so that people take it seriously because there is some kind of fear attached with it (ohh …. its email from Tax department, better I take it seriously). Checkout the Video below which explains about the RBI Email Scam !

Common Traits of the Fake Emails and the Websites

If you look at the fake emails and their websites (the link inside the email). You will notice that they have very bad grammar, no professional look and they ask for some stupid thing to be done which does not look natural. Like some of your friend in Hawaii, who is robbed and now needs $400 to come back to India and will give back your money later, such kind of emails come from hacked emails of some of your friends.

Also check – FAKE Calls on name of IRDA

When do Fake Emails Arrive ?

These fake emails can come anytime to you, but note that the frequency of mails increases, when some important event is nearby like income tax season, or income tax filing season or when some major law has changed, so that people can relate to fake emails.

What’s your thought on this matter and have you ever got an email asking you to click on a link and provide some critical information? And what did you do in that case ? Can you share ?

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

39 Comments
Inline Feedbacks
View all comments
Satish Ramankutty
Satish Ramankutty
11 years ago

In simple words, in case you get any emails from a bank asking for some sensitive details to validate your account or do some payment or for something else just go to the banks website directly and check it out rather than following the hyperlink, because if there is any changes in RBI rules it will show up on the bank website or inside your account, for example i used to get alerts after logging into my axis bank account asking me to apply for CTS 2010 Cheque book. As soon as i applied for it the alert disappeared. Never follow the hyperlinks until you are very sure about the correctness of the information/link

Satish Ramankutty
Satish Ramankutty
Reply to  Jagoinvestor
11 years ago

I forgot to mention a real life incident wherein one of my friend happened to enter his details by following the hyperlink and one fine day he started to get 10 SMS’s stating that his account his debited Rs 610. He immediately rushed to a nearby ATM in Bangalore and took out the remaining amount When he called up the customer care they told him that it was a ATM transaction and money cannot be refunded and blocked his card. Next day he went to the bank they gave him the same reason stating that the card was swiped in an ATM in Gurgoan. He questioned them that how it was possible that he is having the card in hand now and also withdrawn the money from an ATM in Bangalore within few minutes after Rs 610 was debited 10 times and the same card was swiped in Gurgoan Also how it is possible to withdraw Rs 610 from an ATM which is not in multiples of 100’s. The bank did a detailed investigation and they got confused as it shows as ATM withdrawal in the message he received but shows as online transaction in their records. Finally they had refunded the money and also changed all the account details from Account number to card number

Satish Ramankutty
Satish Ramankutty
11 years ago

Hi Manish,

I had received so many mails including the above mail, from Larsen and Tubro.I had also got mails from SBI asking to validate my ACC with username and password.In many cases i receive emails from my close friends email id with some hyperlinks without the persons knowledge but at the same time we used to get valid emails from the same email id which will confuse anyone.As soon as we click the hyperlinks then similar mails will start generating from our account without our knowledge and starts spreading to all the other email id. As soon as i see such emails i immediately forward that email to all my friends (after disabling the hyperlink) to be very careful with the links and also notify my friend whose account is compromised to get it fixed/close the account itself

Souvik Das
Souvik Das
11 years ago

On a different note a lot of people do not take precautions to provide their correct details to banks or utility companies or even financial organizations. I have had multiple instances of receiving bank statements, loan statements and even telephone bills and orders from online shopping sites addressed to the wrong person. I still take the pain to inform the banks although it is a pain to find the correct email id to address the concern. It is important to provide correct details or an identity theft is just a click away.

ASHOK
ASHOK
11 years ago

sbi is sending instant password to mobile during every fund transfer. All the other banks should do it. It is almost safe i think.

astrosunil
astrosunil
Reply to  Jagoinvestor
11 years ago

Canara bank also sends OTP for every bank transfer. This seems safer approach.
There can be additional checks added if the amount transferred is huge to avoid relatives/friends also doing mischief if anyone has given them the access to do so willingly also.

Radhe (Raj Singh)
Radhe (Raj Singh)
11 years ago

Very clearly explained article.

astrosunil
astrosunil
11 years ago

Some of tips to take care : [bit off-topic]
1. Check weather the http is changing to https when you login into the banking website. It’s secured access.
2. Don’t google search the bank website name & open the site, directly type the official banking official site when accessing the internet banking account.
3. Don’t keep a file with file-names passwords.txt or similar in your computer. It’s hard to memorize so many passwords, hence try to remember the passwords most of them, or else use a pendrive kept safely in wardrobe with such sensitive info.
4. Never access your account from net centers etc.
5. Keep card lost reporting banking numbers in your mobile so that you can block the same instantly when needed.
6. Do have a good antivirus in PC & smart phones.
Though these may appear simple, we tend to ignore them sometimes.

Mandar Kulkarni
Mandar Kulkarni
11 years ago

Hi Manish,
The first screenshot you have shown in this post as a fraud email has a genuine domain name in its “FROM” email address. Your first screenshot showing email address ****@onlinesbi.com and when I check onlinesbi(dot)com it is official SSL protected SBI website. Just want to ask if there is any typo mistake or confusion?

Just for your information!

Regards
Mandar

Joel
Joel
Reply to  Mandar Kulkarni
11 years ago

I was also meaning to ask the same ? Great observation.

Joel

A
A
Reply to  Mandar Kulkarni
11 years ago

Mandar – Glad that you brought up the point here. There are programs (very simple to write if anyone knows Java / .NET) that can send emails with a different id.
Remember that if an email asks about your PIN or password or asks you to download a file and enter your User name and password then there is something fishy about it.

RAGHURAM
RAGHURAM
11 years ago

Dear Manish,

Thanks for educating us time and again. Your valuable information protects not only investors but also all online users in a way or other. Great job! Keep Going!

Thankfully,
Raghuram.

Anand
Anand
11 years ago

Hi,

Such emails are being received regularly. The main thing is where to lodge complaints to this or if there is any email id to forward such emails. I normally check the bank websites and if they have a link to fwd, I fwd them, but only sometimes.

Can you please do a post on what actions to take once we get such emails. I think that will be a good deterrence ?

thanks

Anand

trackback
Fraud calls and fake emails - Indian Real Estate Forum
11 years ago

[…] over the email if this mail was genuine or fake ? You can see the snapshot of the email below. Link:Beware of Fake Emails asking for password & Critical information – Its a trap ! Next article extract on fraud calls: There have been too many fake phone calls in the name of IRDA […]

RAJESH SOBTI
RAJESH SOBTI
11 years ago

Thanks Manish for the valuable information. I also got similar message through SMS informing about winning of lottery and contacting at a given number and sending SMS. By the way, can we proceed legally against such unscrupulous persons after getting their IP address traced and filing complaint with the competent legal authority.

It would be nice in the interest of all of us to have recourse to such type of fraudulent activities.

regards

rajesh sobti

astrosunil
astrosunil
11 years ago

Thanks Manish for the nice information, apart from such mails & sms, I faced a situation where in I was told by some lady from Delhi information office something that I need to call a lawyer as a case has been registered in court with some money transaction matter someone, So she requested me to note down the mobile number of advocate who will tell me details & guide me through. Now I knew that this was totally fake, so told to send legal notice to my address first. Got a call couple of more times before this nonsense had to stop. Please do let us know where to complaint for such things.

Chetan Ambi
Chetan Ambi
11 years ago

Dear Manish,

Thanks for the information..

Thanks,
Chetan

Mohit Goyal
Mohit Goyal
11 years ago

Useful article. Can you please help us by knowing where to file complaint of these fake emails or calls??

Gaurav Doshi
Gaurav Doshi
11 years ago

Manish, this are quite common this days.
Apart from email they have started it on SMS also.
Today I have received a SMS SAYS:
My name is Mrs. Melissa & I have 8.5 milllion dollars to transfer to you in charity name to help poor ones in your place india. contact me [email protected]. And this is from a mobile no.

We need to be really aware – I receive emails from Raghuram Rajan (RBI governor) for so many million dollars I have recived as coca cola gift.

Thanks,
Gaurav

astrosunil
astrosunil
Reply to  Jagoinvestor
11 years ago

I am also getting mails to receive money from RBI governor, lets go & collect it 🙂 . Below is the copy-pasted extract from mail :

“Therefore, we are writing this email to inform you that £ 1,000,000.00 GBP will be release to you in your name, as it was committed for (RBI) Governor that Beneficiary will have to pay crediting fees only. So you are therefore required to pay 12,500 INR ONLY in cash deposit. To credit your account immediately making a decline for 2 working day after date of receiving this mail”

Fill The Form Below:

1. Full Names
2. Residential Address:
3. MOBILE NUMBER:
4. Occupation:
5. Sex:
6. Age:
7. Country:
8. Marital Status:
9. E-mail id:
10. Bank Name:
11. Account Number:
12. Account Holders Name:
13. Bank Branch:

Accept my hearty congratulations once again!
Yours faithfully, Dr Raghuram Rajan.

Sushil Girdher
Sushil Girdher
11 years ago

I once recieved the similar mail from Indusind Bank and immediately i found some foul play becuase i was not having any account in Indusind Bank. Next Day Same E mail i got from PNB and next day again from ICICI.

Then i became alert and since then i am alert