ICICI Bank Fraud Emails

Recently i got an email from ICICI bank that my account has been flagged due to security issues.Mail was from a genuine ICICI email account and it had a link where i need to logon to resolve the issue.It had an inbuilt link to login but as per my habit i checked the link it is redirecting on  Mouse over and it was not redirecting to ICICI but to a website “bass.am”

This made sure i am not going to logon with my credentials as its a phising site with fake Pages from ICICI bank.Still i explored the links further. The page brought me to a page where i need to decide Corporate or Personal login.not very much neat design but easy for a novice to fall in.

Further exploring it took me to a page where i need to enter some personal details like transaction passwords and all.And submit button action takes us to another bass.fm page while submitting our details at some repository in background.

 

 

 

In the Personal login the page which we are redirected is very neatly designed . In fact it has many of links which redirect to ICICI website , which being static pages while most of dynamic pages are still on bass.am website.I tried to give it a go and entered fake details and clicked login.

 

And as expected it took to a bass.am page again with blank template.So again your details are stored somewhere in repository made by the user of the webpage.This could be set as a trap to fetch ICICI or any other bank details from any person very easily.All you have to do is to remain very alert.Few tips to make sure you dont get trapped :

• No bank ever asks you to login directly in the email
• If such issue occurs contact your bank on phone
• Email from a genuine address doesnt makes sure it is a genuine mail , there are majority of websites which can let you send any email from any email address even from billgates@microsoft.com
• Always have a look at the redirecting link while dealing with links from external sources like from any other website or from mail