Look where you click, and check what you share

Public sector bank State Bank of India (SBI), India’s largest lender, has issued a note of caution for customers to protect themselves from phishing scams. This comes amid rising instances of online scams that bank customers often fall prey to.

‘Phishing’ refers to e-mails, SMSes and websites that catch unwary users by surprise and seek to syphon off money from their accounts. They look genuine and respectable, and often replicate the logos of well-known organisations.

“Be suspicious of any e-mail or text message containing urgent requests for personal or financial information (SBI and most other financial institutions and credit card companies normally will not use e-mail to confirm an existing client’s information),” says the SBI website. “Contact the organisation by using a telephone number from a credible source such as a phone book or a bill.”

Also read: Crypto ads will have to display disclaimer, ‘highly risky’ labels

In its release for customers, SBI had lists of dos and don’ts to avoid phishing attacks.

The dos

“Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to ‘Phish’,” said SBI, adding some caution on pop-ups. “Do not provide any information on a page which might have come up as a pop-up window,” it said.

The bank asked customers to never disclose via SMS or any other text message any personal information, such as account numbers or passwords, or any combination of sensitive information that could be used fraudulently. Further, it said, “never provide your password over the phone or in response to an unsolicited request over e-mail”.

“Always remember that information like password, PIN, TIN, etc. are strictly confidential and are not known even to employees/service personnel of the bank,” said SBI. “You should therefore, never divulge such information even if asked for.”

The don’ts

For starters, customers should always logon to a bank site by typing in the correct URL in the address bar, said SBI. Scamsters often open websites with URLs identical to reputed banks’ addresses, so the customer needs to be careful here.

Give your user id and password only on the authenticated login page, it added. Further, before providing the user id and password, the customer has to ensure the URL of the login page starts with the text ‘https://’, and is not ‘http://’, it said. The ‘s’ in the URL stands for ‘secured’ and indicates that the web page uses encryption.

To be extra careful, customers should look for the lock sign at the right bottom of the browser and the Verisign certificate — these can be seen on the login pages of all financial services websites.

Customers can part with personal details over the phone or internet, only if they have initiated the interaction, and the person at the other end has been authenticated, said SBI.

“Regularly update your computer protection with anti-virus software, spyware filters, e-mail filters and firewall programs,” it said.

Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

Please remember that the bank would never ask you to verify your account information through an e-mail.

As a general rule, be suspicious when receiving any unsolicited incoming communication/phone call asking your personal or financial information or asking to update them on a site. Contact your Bank directly through official channels available to verify the authenticity of those calls.