New Phishing email from fake ICICI Bank


theoracle

Got the following email

From ICICI Bank Wed Jul 13 03:14:47 2011

X-Apparently-To: xxxxxxxxx@yahoo.com via 98.139.211.90; Tue, 12 Jul 2011 08:21:48 -0700

Return-Path: <otp.reg@icicibank.com>

X-YahooFilteredBulk: 216.245.218.53

Received-SPF: fail (domain of icicibank.com does not designate 216.245.218.53 as permitted sender)

--------------------------------------------------------------------------------------

Dear Customer

Starting from August 1, 2011 all Internet Based transactions made via Online Web Interface will require an additional One Time Password (OTP).

This requirement has been made mandatory by the Reserve Bank of India (RBI).

Introduction of OTP is intended to reduce the possibility of fraudulent transactions and would safeguard you, the customer.

Kindly submit the form attached to this email in order to enroll your Online Bank Account in the new online protection System.

If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely.

Some E-mail Account users like gmail and sify might view a warning signal at the header of this message. Kindly note that this is normal.

Beware of Phishing

--------------------------------------------------------------------------------------

with an attachment with extension pdf.html which, when clicked, opens the below site

ICICI Bank Fake URL

Which looks to be an exact replica of the ICICI Bank login page; it even behaves as if it is able to log in even if you enter some non-existent user name/pwd.

Beware of such emails.
 

raksrules

Yeah...one more chance to give them BMC gaalis in user id and password :D

--- Updated Post - Automerged ---

LOL I entered swear words in user id and password and still it SORT OF logged me in.

Guys please beware about all this as these phishing people seem to have invested a lot to recreate exact replicas.

After login it asks you details like transaction password, debit card details including CVV and validity and then on next page it asks for the GRID details of debit card, all numbers.

How do we notify ICICI about this URL ?
 

pratikb

IE 9 is supersmart,

It immediately asked me with notification below address bar saying do you intend to visit delorama.com site

cheers to MS and its work.

site is exact replica of icici site.
 

theoracle

yes this site is quite difficult to spot the scam, at a casual look.

I tried providing a date of birth as 35-02-2011 it even accepted it :eek:hyeah:, and proceeded to display a screen to provide debit card info.
 

kuduku

it sends you back to real ICICI website once they have extracted everything
 

raksrules

theoracle said:
yes this site is quite difficult to spot the scam, at a casual look.

I tried providing a date of birth as 35-02-2011 it even accepted it :eek:hyeah:, and proceeded to display a screen to provide debit card info.
I filled F%$&^ in DOB and it even took that :p

Filled all sorts of gaalis that one experienced in delhi belly there
 

pratikb

its exact replica of icici but ms smartscreen filter notifies of scam on every page and its working properly.

--- Updated Post - Automerged ---

guys , I opened this URL in firefox and IE 9 and firefox fails in detecting it.
 

theoracle

pratikb said:
its exact replica of icici but ms smartscreen filter notifies of scam on every page and its working properly.
Firefox , chrome should have something similar. Have stopped using IE :ashamed: .
 

pratikb

I am updated with latest version of firefox but still no luck in catching it as scam.

but IE by default detected it. and it was not just first time i opened the page. everytime i opened tab, it detected scam and alerted me each and everytime.
 

urssriks

Was the from address from an icicibank.com domain registered email address? and anyways that's the reason I don't un-install IE, microsoft keeps up to its name ;)
 

raksrules

^^That is also easy to spoof. Mails APPEAR to come from ICICI but some softwares/scripts are used to send those.
 

theoracle

Yes the address shows @icicibank.com

From: "ICICI Bank"<otp.reg@icicibank.com>

But while viewing the entire header, found the following message. (saw this later)

-------------

Received-SPF: fail (domain of icicibank.com does not designate 216.245.218.53 as permitted sender)

-------------

Actually it was lying in my SPAM folder, I marked it as Not a Spam going by the From Field :ashamed: , but the attachment name "ICICI Bank (OTP) Enrollment form.pdf.html" made me suspicious about it.

--- Updated Post - Automerged ---

Got the following response from ICICI Antiphishing

--------------

Dear Customer,
Thank you for writing to us and bringing this e-mail to our notice.
We wish to inform you that the e-mail you have received has not been sent by ICICI Bank.
Please visit the 'Safe Banking' section on our web site for "Safety Tips" and more information on a secure online banking experience.
We reiterate that ICICI Bank acts at all times with in good faith, with diligence and without any intent prejudicial to the interests of its customers.
Sincerely,
Sxxxxxu Mxxxxa

Office of Head Service Quality

--------------------------------
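
Added example (not part of the original thread and not any poster's code): a Python sketch that reads the two signals discussed above, the Received-SPF result and the ".pdf.html" attachment name, instead of trusting the From field. The sample message is constructed from the header values quoted in the thread; the function name, extension lists, Subject line and MIME boundary are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: header values and attachment name are the ones quoted
# in the thread; the Subject, MIME boundary and bodies are made up.
SAMPLE = """\
Return-Path: <otp.reg@icicibank.com>
Received-SPF: fail (domain of icicibank.com does not designate 216.245.218.53 as permitted sender)
From: "ICICI Bank" <otp.reg@icicibank.com>
Subject: OTP enrollment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Kindly submit the form attached to this email.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="ICICI Bank (OTP) Enrollment form.pdf.html"

<html></html>
--b1--
"""

DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}   # what the name pretends to be
ACTIVE_EXT = {"html", "htm", "js", "exe", "scr", "hta", "vbs"}  # what actually opens

def triage(raw):
    """Return the header and attachment signals that contradict the From field."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    spf = str(msg.get("Received-SPF", ""))
    spf_result = spf.split()[0].lower() if spf.split() else "none"
    ip = re.search(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", spf)
    disguised = []
    for part in msg.iter_attachments():
        pieces = (part.get_filename() or "").lower().rsplit(".", 2)
        if len(pieces) == 3 and pieces[1] in DOC_EXT and pieces[2] in ACTIVE_EXT:
            disguised.append(part.get_filename())
    return {
        "from_domain": from_domain,
        "spf": spf_result,
        "sending_ip": ip.group(0) if ip else None,
        "disguised_attachments": disguised,
        # A display address alone proves nothing; either signal is enough to distrust it.
        "suspicious": spf_result in {"fail", "softfail"} or bool(disguised),
    }
```

Calling triage(SAMPLE) reports the icicibank.com From domain alongside the SPF fail and the disguised attachment, which is the mismatch that was visible only in the full header view.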
 

pratikb

Dear Customer,

Thank you for writing to us and bringing this e-mail to our notice.

We wish to inform you that the e-mail you have received has not been sent by ICICI Bank.

Please visit the 'Safe Banking' section on our web site for "Safety Tips" and more information on a secure online banking experience.

We reiterate that ICICI Bank acts at all times with in good faith, with diligence and without any intent prejudicial to the interests of its customers.

Sincerely,
this is what they say.

we all know icici wont do anything like phishing and all.

Its standard copy paste reply i guess.

Glad that I am not using ICICI bank or anything related to it.
 

theoracle

I think ICICI will log some sort of request to the concerned authority.

Guess this would be standard response from any bank concerned and nothing specific to ICICI bank, although I may be wrong.
 

pratikb

it should have been offline after we reported it.

it's still active, that's what concerns me.
 

varkey

^ What can ICICI do to a site which is running on a 3rd party server which it has no control over? It is not possible for them to just shut down the site immediately after you have reported it.

They will contact the web hosting or server provider and ask them to take action which may not happen instantly.
 

6pack

I get a Reported Web Forgery notification in FF 5.0

This web page at delaroma.net has been reported as a web forgery and has been blocked based on your security preferences.

Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust. Entering any information on this web page may result in identity theft or other fraud.