Outburst of HDFC and IDBI bank phishing emails

For the past few days, I have been getting fraudulent emails impersonating HDFC and IDBI banks. The emails looked pretty legitimate unless you looked into the email headers or actually visited the link provided in them.

Below are some screenshots of the emails that I received. You may also see some superficial investigation I carried out to make sure those emails were indeed phishing emails.

Confirm your ip address: HDFC bank phishing

If you take a close look at the IP addresses mentioned in the email, you will find an IP address starting with 812.xxx.xxx.xxx ;) No octet of an IPv4 address can exceed 255, so that address cannot exist. Normal computer users are usually not very tech savvy, and hence they might think those IP addresses are correct.

Clicking the provided link leads to a URL which has now been taken down: hxxp://unions.lk/images/randomimage/hdfcpage/hdfcpage/hd.php

Classic IDBI phishing attack email

Following is the screenshot of the phishing email I received requesting to change my Netbanking password even though I am not an IDBI customer.

Classic phishing email requesting to change your netbanking password

Now, to check the authenticity of this email, I checked the email headers and found out that the email originated from

psmtp30.wxs.nl [195.121.247.32]

residing in the Netherlands. This is really suspicious, as The Industrial Development Bank of India Limited (IDBI) does not have any network in the Netherlands :)

Email headers from IDBI phishing email

A simple email verification query against the real IDBI.com revealed the following mail server information.

Real IDBI mail servers
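The two checks described above (the impossible 812.x address in the HDFC email and the originating relay in the IDBI email's headers) can be scripted for quick triage. This is an added example, not part of the original post; the sample message is constructed, with only the relay host and IP taken from the post, while the From address, the example.* hops and the body addresses are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: relay host/IP are the ones quoted in the post; the
# From address, the example.* hops and the body IPs are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org; Mon, 5 Apr 2010 02:00:00 +0000
Received: from psmtp30.wxs.nl (psmtp30.wxs.nl [195.121.247.32])
\tby mx.example.net; Mon, 5 Apr 2010 01:59:58 +0000
From: "IDBI Bank" <alerts@idbi.com>
Subject: Change your Netbanking password

Recent logins came from 812.10.20.30 and 10.0.0.5.
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
DOTTED_QUAD = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def origin_relay(msg):
    """(host, ip) of the earliest hop, i.e. the bottom-most Received header."""
    for hop in reversed(msg.get_all("Received") or []):
        m = RECEIVED_FROM.search(hop)
        if m:
            return m.group(1).lower(), m.group(2)
    return None

def relay_matches_sender(msg):
    """Heuristic: is the originating relay a host under the From: domain?"""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    relay = origin_relay(msg)
    if not domain or relay is None:
        return False
    return relay[0] == domain or relay[0].endswith("." + domain)

def invalid_ipv4_literals(text):
    """Dotted quads that cannot be IPv4 addresses (an octet above 255)."""
    return [c for c in DOTTED_QUAD.findall(text)
            if any(int(octet) > 255 for octet in c.split("."))]

def triage(raw):
    msg = email.message_from_string(raw)
    return {"origin": origin_relay(msg),
            "relay_matches_sender": relay_matches_sender(msg),
            "invalid_ips": invalid_ipv4_literals(msg.get_payload())}
```

A relay that does not sit under the From: domain is only a triage signal, since a bank may send through a third-party mail provider and Received lines below the first hop you trust can be forged.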

Please beware of such emails.

We have seen US, UK and Brazilian financial institutions being targeted by phishers and spammers, but it looks like they are now targeting Indian banks as well.

Following are the precautionary measures that you can take:

1) Do not open emails from unknown people, even though they appear to be coming from a hot chick ;)

2) Always verify the browser address bar and make sure it belongs to the domain it claims to be

3) Do not fill in personal details unless you are confident about the authenticity of the target website

4) Always ascertain that you are entering details on a website guarded by trusted digital certificate authorities like Verisign, Thawte etc.

5) If unsure, contact the bank and make sure the received email is legitimate.

Such emails are usually used as a stepping stone for carrying out numerous attacks, like gathering credit card/personal information, carrying out identity theft, planting malware on the victim’s computer etc.

I hope this entry will be helpful. Till then, stay safe :)


One Response to “Outburst of HDFC and IDBI bank phishing emails”

  1. Rutuja KUlkarni Says:

    very helpful . thanks,


This entry was posted on Monday, April 5th, 2010 at 2:37 am and is filed under Information Security, Web Security.