When a bank's website alerted me every time I used to log on for my banking needs, I always used to ignore the alerts. I used to think, c'mon who is so stupid who will send an e-mail to me asking me to verify my security details after logging in to my bank account. But a few days back, I did receive an e-mail allegedly from Punjab National Bank asking me to login and verify my details etc. so the mail sender can take away my money (though I bet there is no balance what-so-ever in any of my bank accounts) thinking I'm stupid. How sad! I wonder if people still get tricked by such e-mails and they actually go and verify such details.
If they do, they are in big trouble. The hacker can transfer all the money from such accounts in no time. So, if you receive any such e-mail from any bank, do not click on the link provided in the e-mail. If the bank really wants you to verify some details, they will automatically take you through a series of pages after regular login through their valid site. Do not ever click on any link within the e-mail that you receive.
The fun part was I did not have a Punjab National Bank account. Still, I tried to dig through it a bit to understand who is the sender. Apparently, the sender is someone sitting in New York,USA or Osaka,Japan. I'm posting a part of what I dug through :
Return-Path:
Delivered-To: pkjmesra@f5.p23.mail.in.rediffmail.com@f5.p23.mail.in.rediffmail.com
Received: (qmail 64018 invoked from network); 1 Apr 2009 03:02:23 -0000
Received: from unknown (HELO jtchina.japan-telecom.com.cn) (218.80.230.30)
by 0 with SMTP; 1 Apr 2009 03:02:23 -0000
Received: from User ([216.139.170.14]) by jtchina.japan-telecom.com.cn with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 1 Apr 2009 10:59:56 +0800
From: "Punjab National Bank of India"
Subject: Irregular Online Access Activity
Date: Wed, 1 Apr 2009 03:57:20 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: alert@pnb.com
Message-ID:
X-OriginalArrivalTime: 01 Apr 2009 03:00:08.0968 (UTC) FILETIME=[F77A6080:01C9B275]
X-TM-AS-Product-Ver: SMEX-7.2.0.1122-5.6.1016-16552.001
X-TM-AS-Result: Yes-9.477500-5.000000-31
Here is the e-mail that I received:
Irregular Online Access Activity
We detected irregular activity on your Punjab National Bank Online Account on 03/31/2009. For your protection, you must verify this activity for we are necessitating a verification process as an added measure to ensuring adequate security on your online access. Log In Securely here https://netbanking.netpnb.com/BANKAWAY/Action.RetUser.Init.001=Y&AppSignonBankId to review your account activity . We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.
Want to confirm this email is from Punjab National Bank India Sign in to Online Banking and select Alerts History to verify this alert.
Though, I knew just by reading through e-mail, this is spam and someone has sent a mail bomb to everyone trying to hack through people's security details. Still, I'm sure there are plenty of people out there who actually fall into such traps ...