Banks themselves sell the customer data. That is how telemarketers get data about you being a credit card holder of so and so banks
ICICI calling and asking to login live!!
- Thread starter nRiTeCh
- Start date
Banks themselves sell the customer data. That is how telemarketers get data about you being a credit card holder of so and so banks
Not just banks, even our employer cos. sell our data. And now a days wherever we give or exchange our contact details, you are actually making your data public. So now theres no reliable source or a guaranteed point where in we can confidently share our details without bothering about data getting outsourced and exploited.
So I also got a call from such a scammer. Started with a lady and then she handed the call over to her 'Manager'.
They knew my debit card number already which is a VISA card, and they knew my name and all. They said that they are gonna change the debit card as per regulations of RBI.
So I was almost convinced. Then the guy said you will get an SMS and you need to reply to the SMS, I said OK.
Then I got an SMS saying there is a transaction and I received the OTP. I asked the fellow what kind of SMS is this, he said its a fake transaction, you need to tell me the OTP.
I politely asked him to sod off and told him I am reporting his number. I called ICICI and reported his number, they thanked me for not divulging more details, called me very smart and told me that appropriate action will be taken against the number.
They knew my debit card number already which is a VISA card, and they knew my name and all. They said that they are gonna change the debit card as per regulations of RBI.
So I was almost convinced. Then the guy said you will get an SMS and you need to reply to the SMS, I said OK.
Then I got an SMS saying there is a transaction and I received the OTP. I asked the fellow what kind of SMS is this, he said its a fake transaction, you need to tell me the OTP.
I politely asked him to sod off and told him I am reporting his number. I called ICICI and reported his number, they thanked me for not divulging more details, called me very smart and told me that appropriate action will be taken against the number.
I think we should list out basic security measures and tips we each follow - maybe create a knowledge-bank of sorts for dealing with this menace.
1. No bank will EVER ask you for your username or password/pin/otp. this is true for any medium (phone, email, sms etc.)
2. check links are secure i.e. the web page starts with "https" and not "http"
3. the OTP generated for online transactions is for your eyes only and any request for it is to be immediately treated as an attempt at defrauding you. keep it safer than nuclear launch codes. the branch manager or even the president/ceo/owner of the bank cannot and will not ask you for your password/pin/otp. it is unique and private - even the prime minister cannot demand your pin/otp number.
4. if you are getting calls from people who have your name/last 4 digits etc. then report it to your bank and request a new card asap. this is especially true for calls asking for otp - as that means they have your card no, exp date AND the cvv #. otp is all that's left for completing the transaction.
5. as always, change passwords/pins regularly - in fact just change your cards every now and then.
6. writing down pins/password is generally a bad idea but sometimes it is necessary so in that case make sure it's written on something that will never leave the house or be in anyone else's hands/eyesight. phone, laptop, notepad etc are to be avoided.
7. paranoia and google are a deadly combo - treat all financial related contact as suspicious and do a quick google of anything you are encountering for the first time (web-pages, links, apps etc.) and like the op always ask around especially the bank itself.
8. these callers use a 'can you prove your identity' approach to confuse you about their own legitimacy. You might be tempted to ask them to prove that they are genuine but don't bother. 100% (not 99.99%) of these calls are fraudsters. you'll only be wasting your time. just say "i'll be right back" and leave them hanging on the line (at least they wont be trying to scam an elderly pensioner for a few minutes).
1. No bank will EVER ask you for your username or password/pin/otp. this is true for any medium (phone, email, sms etc.)
2. check links are secure i.e. the web page starts with "https" and not "http"
3. the OTP generated for online transactions is for your eyes only and any request for it is to be immediately treated as an attempt at defrauding you. keep it safer than nuclear launch codes. the branch manager or even the president/ceo/owner of the bank cannot and will not ask you for your password/pin/otp. it is unique and private - even the prime minister cannot demand your pin/otp number.
4. if you are getting calls from people who have your name/last 4 digits etc. then report it to your bank and request a new card asap. this is especially true for calls asking for otp - as that means they have your card no, exp date AND the cvv #. otp is all that's left for completing the transaction.
5. as always, change passwords/pins regularly - in fact just change your cards every now and then.
6. writing down pins/password is generally a bad idea but sometimes it is necessary so in that case make sure it's written on something that will never leave the house or be in anyone else's hands/eyesight. phone, laptop, notepad etc are to be avoided.
7. paranoia and google are a deadly combo - treat all financial related contact as suspicious and do a quick google of anything you are encountering for the first time (web-pages, links, apps etc.) and like the op always ask around especially the bank itself.
8. these callers use a 'can you prove your identity' approach to confuse you about their own legitimacy. You might be tempted to ask them to prove that they are genuine but don't bother. 100% (not 99.99%) of these calls are fraudsters. you'll only be wasting your time. just say "i'll be right back" and leave them hanging on the line (at least they wont be trying to scam an elderly pensioner for a few minutes).
Today once again received their email 
The links points to http://www.svgsecurity.com/verification/authentication.aspx
The link is dead as well.
The links points to http://www.svgsecurity.com/verification/authentication.aspx
The link is dead as well.
quite strange since the sender's mail (services@icicibank.com) seems legit.
either way, avoid filling any details should the link start working later on.
call up the bank or forward this email to them.
either way, avoid filling any details should the link start working later on.
call up the bank or forward this email to them.
Its mail header, you can put whatever you want. thats how smtp works. the real "from" ip address will be visible in the full mail header.
Today once again received their email
The links points to http://www.svgsecurity.com/verification/authentication.aspx
The link is dead as well.
The display ID seems legit but thats not the real ID that the mail came from.
If you are using Gmail then click on the arrow on the right side of the message on the top and click on 'Show Original'.
paste the top 20 lines here....
That should reveal the actual domain or email ID from where the mail was sent.
You can replace your mail ID from that text before posting
Don't click on things unless you know what you are expecting.Today once again received their email
View attachment 57999
The links points to http://www.svgsecurity.com/verification/authentication.aspx
The link is dead as well.
That link tries to do an attack listed here: http://ui-redressing.mniemietz.de/uiRedressing.pdf See page 40 A.1.2
^^ You shouldn't. Not after they ask for OTP.
The golden rule is to never follow an email link to go to a banking site. Doesn't matter whether its legit or not. Always open a banking site either by typing out the URL or though a bookmark that you created.
The golden rule is to never follow an email link to go to a banking site. Doesn't matter whether its legit or not. Always open a banking site either by typing out the URL or though a bookmark that you created.