"It is our policy not to ask for passwords over the Internet. Internationally, banks have also posted such warning to their customers. It is a pre-emptive measure on our part," Mr Rahul Bhagat, Business Head-Direct Banking Channels, said.

Rahul Wadke

Mumbai, Feb 8

HDFC Bank has put its customers on red alert about the dangers of phishing, a fraudulent way of acquiring credit card personal identification numbers, banking passwords using Internet and e-mails. For the uninitiated, phishing traces its roots to the use of increasingly sophisticated ways of "fishing" for customer financial information and passwords.

Recently, HDFC Bank, in e-mails sent to its customers, said: "It has come to our notice that fraudulent e-mails are being sent to customers asking them for confidential information. These e-mails appear as if they have been sent from the bank.

"Customers are advised to be extremely alert and not respond to such fraudulent e-mails. If you have replied to a suspicious e-mail and provided personal or sensitive information about your HDFC Bank account, please change your Net-banking password right away".

Educational drive:

Talking to

Business Line

, Mr Rahul Bhagat, Business Head-Direct Banking Channels, HDFC Bank, admitted that the bank had taken up an educational drive against the dangers posed by phishing.

"It is our policy not to ask for passwords over the Internet. Internationally, banks have also posted such warning to their customers. It is a pre-emptive measure on our part," Mr Bhagat said.

How phishing works:

Those who go phishing send e-mails, falsely claiming to be legitimate company or financial institution, in an attempt to deceive the customer into surrendering confidential information. The rationale behind phishing, of course, is embezzlement of money.

Those at the receiving end of phishing get e-mail directing them to visit a Web site where they are asked to update personal information, such as credit/debit card number and personal identification number, customer-ID of banks as also Net banking and phone-banking passwords. The Web site, however, is bogus and it is only hosted to steal the customer's information.

And banks across the country are slowly waking up to this new reality.

Soft targets:

According to Capt Raghu Raman, CEO, Mahindra Special Services Group, a company involved in Enterprise De-risking Solutions, those targeted for phishing largely have a common profile. "They are residents of tier-two cities like Ahmednagar or Madurai where Internet penetration is relatively new.

"Mostly, they are retired service class people who have recently learnt how to surf the Internet. Also targeted are the systems administrators who use the main server for their personal needs, thus exposing the entire server for malicious overtures such as Trojan by the one who is phishing," Capt Raman said.

Phishing is happening in India with increased regularity, he said.


Internet guru and leading e-security consultant Mr Vijay Mukhi said Indian banks are much more vulnerable to such attacks than banks in many other countries.

"Banks in developed countries, especially in the US, have much more expertise in handling such crimes as they have been taking the help of e-security experts right from the inception of online trading. Our banks do not have such expertise and hence need to be more careful," Mr Mukhi said.

Related Stories:
Anti-phishing tool
Caution on Trojan e-mail spam
E-mail security solution
Dos and don'ts for PC users while on vacation

(This article was published in the Business Line print edition dated February 9, 2006)
XThese are links to The Hindu Business Line suggested by Outbrain, which may or may not be relevant to the other content on this page. You can read Outbrain's privacy and cookie policy here.