Scammers used Domain ID of a bank to trick one of their customer organizations.
IndusInd bank was directed to pay a penalty of Rs 20 Lakhs to Prothious Engineering Services which holds a current account in the bank.
On January 9, 2014, the company received an e-mail from “exclusivee@indusind.com” claiming that the bank was updating their database and needed several details from the company including their current account number, mobile phone number linked to the account among other things.
The company came to know about the fraud when a check of Rs 13 Lakhs bounced with the error of insufficient balance. The company saw various fraudulent transactions from its account.
The organization submitted all the requested data in the fraudulent email as they were not able to see an extra ‘e’ placed in the email address. The bank has pleaded that it had nothing to do with the scam as the account details were shared by the organization itself to the scammers.
However, the Domain ID corresponds to the bank which proves that the phishing email originated from the respondent bank or there was a security lapse in the respondent’s IT system. The order further states money from the complainant’s account was fraudulently transferred to an account in IndusInd bank itself.
NPAV recommends users to always verify such emails with their respective banks, as they can be malicious. Banks rarely send such emails and before submitting any information through these mails, the verification must be done properly.
Install NPAV Total Security and stay protected from all such phishing attacks. Use NPAV and join us on a mission to secure the cyber world.
Referenced Link:
https://indianexpress.com/article/india/bank-domain-id-used-to-send-fraudulent-mail-told-to-pay-phishing-victim-rs-20-lakh-6500007/lite/.