Dreamzzz, Desires n Desperation...: Security threats to your online banking account ....

Feb 27, 2008

Security threats to your online banking account ....

And how to avoid a disaster --

Five days back, I got a mail with subject line saying -

"Update Your Hdfc NetBanking Account Otherwise it Will Get Blocked"

To any unsuspecting customer, this might sound like a warning message, and they are tempted to read the mail, which has come from http://www.hdfcbank.net. The mail normally has the following content:

---------------

Important Notice :

In the last few weeks, our Online Banking Security team has observed multiple logons on your Internet Banking Account, from different Blacklisted IP's, therefore been blocked, to prevent further unauthorized access for your safety. we have decided to put an extra verification process to ensure your identity and your Internet Banking Account Security.

Click on for your NetBanking Online Access.

http://www.hdfcbank.com/1/2/securityaccess/precaution/internet-banking/

Security Advisory,
HDFC Online Banking


*Important*
Please update your records on or before 48 hours, a failure to update your records will result in a temporary hold on your funds - it's one more way that HDFC makes your online banking experience better.

© HDFC Bank Ltd. All rights reserved
-------------------------------------

The mail opens with the term "Important Notice" and goes on to explain that, as HDFC always thinks of your betterment, they will go to any extent to save your customer information. It also instills a sense of fear that someone is trying to hack your account and that you therefore need to update your login details. A link is provided, and to make things look serious they have also added the copyright symbol.

To most customers who have little time to go through these kinds of mails, are very loyal to the bank and are not very net savvy, this might not look suspicious at all. And they might even go to the link and update their login details. Having worked for long on auto-surfing sites and common phishing techniques, I knew what it was. (We tried the same technique to dupe some of our friends for their Yahoo passwords to win a challenge, and that too some 6 years back.) So, having sensed the motive of the person, this time I ventured out to collect as much information as possible on the source of the mail and the attacking site. I even provided HDFC bank the whereabouts with full contact details (yes, full contact details) of this person, but I am not sure whether they will take some action or not. Sometimes I do feel that, like our people, our institutions also are not very techno-savvy. Banks have adapted IT, but more in a way to fulfill the existing norms.

The modus operandi and how to avoid it?

Most of these phishing mails contain a link which opens up what looks like the home page of the target website (your bank, email, online trading account, etc.). Next, they ask you to log on with your existing user details, and once you sign in, the page redirects you to the real target website as if nothing has happened. The trick is that the page sent to you is a replica of the home page of HDFC bank (in this case), and the moment you enter your login details there, it sends the details to the email of the hacker. If you don't smell anything, then by the time you make your next transaction, someone might have transferred all your money to some account overseas specially set up for these things.
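An added example, not part of the original post: a Python check for the two giveaways in this mail, a sender domain that is not the bank's and a link whose visible text names one host while its href opens another. The HTML body is constructed from the link text quoted above and the destination domain this post names; `TRUSTED_DOMAINS` and the function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the bank's real domain, taken from the link text shown in the mail.
TRUSTED_DOMAINS = {"hdfcbank.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the string is not a URL."""
    return (urlparse(url.strip()).hostname or "").lower()

def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def audit_mail(sender_domain, html_body):
    """Return findings for one mail: untrusted sender, disguised or untrusted links."""
    findings = []
    if not is_trusted(sender_domain.lower()):
        findings.append(f"sender {sender_domain} is not a trusted domain")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        if shown and shown != real and not is_trusted(real):
            findings.append(f"link shows {shown} but opens {real}")
        elif not is_trusted(real):
            findings.append(f"link opens untrusted host {real}")
    return findings

# Constructed sample: visible text from the mail, destination domain named in this post.
SAMPLE = '<a href="http://thebestteam.org/">http://www.hdfcbank.com/1/2/securityaccess/precaution/internet-banking/</a>'
```

Calling `audit_mail("hdfcbank.net", SAMPLE)` reports both the look-alike sender domain and the disguised link; suffix matching on a dot boundary keeps hosts such as `hdfcbank.com.example.org` from passing as trusted.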

The risk involved -

For the record, most of our banks allow fund transfers only between selected accounts, so it's not possible to transfer funds to some unsolicited accounts. But wait, there are other elements to it, like your credit card number. You might think: so what if they get the card number? They still don't have the expiry date or CVV. Come on! You are living in 2008, where processors have a speed of 3 GHz. It takes hardly an hour to crack a 3-digit CVV code (do the maths, it's only 1000 combinations), and everybody knows that a credit card expires within 3-5 years, so that gives only up to 60 combinations (12 months, 5 years). So one hour and everything is gone. Even if the hacker can't take away everything, just imagine if he/she tampers with your account and transfers all the money to some 2-3 accounts linked to your account, or donates the money to, let's say, the Prime Minister Relief Fund. It still means a lot of trouble for you.

Role of Mr. Harriot Balmer and Kim Pouncy -

The chase finally led to two names who share the same phone number and address and are most likely to be partners in the crime. The phishing link in the mail leads to a website, http://thebestteam.org, which is registered in the name of Mr Harriot Balmer, and the registration details included a phone number and address. The number lookup revealed the owner's name as Kim Pouncy, who is also a resident of Graham.


Address - Harriot Balmer, B. E. S. T, Street1: PO Box 742, Graham, Washington, 98338, US.
Contact Number - 253 - 847 - 0231
Number registered to - Kim Pouncy, 24604, 47th Ave E, Graham, WA - 98338

I updated HDFC bank's information security team with all the details I had, but even after 24 hours, nobody has replied. I am wondering how many people fell prey to this phishing attack by the pair of Balmer and Kim. Though I can't generalize it, quite a few of the institutions in India won't be able to pass even simple online security tests. If nothing has happened till now, then it's proof of a simple fact: "GOD EXISTS". But at the same time, it's equally true that "God helps those who help themselves".
