Did You Ever Get a Fraud Email from ICICI Bank?
I have been using ICICI bank's online facility for the past 2 years and have found it very useful. I do most of my transactions online. But when you want ICICI bank the most it will let you down... anyway, this is not what we are going to discuss now.
I received a mail a few days ago from ICICI bank. I have attached the mail content below.
Dear ICICI Customers Upgrade 2012
Due to concerns, for the safety and integrity of the ICICI account we have issued this warning message.
It has come to our attention that your ICICI account information needs to updated as part of our continuing commitment to protect your account in this year 2012 and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
Once you have updated your account records your ICICI account service will not be interrupted and will continue as normal.
To update your ICICI records click on the following link:
The mail looked genuine at first, then I noticed something fishy in the “From” address (firstname.lastname@example.org). I checked ICICI bank and found this: “ICICI Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking details like your PIN, password, account number, you should not respond.”
I decided to investigate more. I opened the email headers, which made the investigation more interesting. Here is what I found out:
Message headers from the fraud email. Oh yes, for those who don’t know what email headers are: “The hidden lines of text/code that is above each email message. Every email sent has a header.”

Delivered-To: email@example.com
Received: by 10.142.87.15 with SMTP id k15cs327547wfb;
    19 Jul 2012 20:46:09 -0800 (PST)
Received: by 10.100.232.13 with SMTP id e13mr14053045anh.1197261969402;
    19 Jul 2012 20:46:09 -0800 (PST)
Return-Path: <firstname.lastname@example.org>
Received: from web403.opentranster.com ([188.8.131.52])
    by mx.google.com with ESMTP id a13si3081136rof.2007.12.09.20.46.07;
    19 Jul 2012 20:46:09 -0800 (PST)
Received-SPF: error (google.com: error in processing during lookup of email@example.com: DNS timeout) client-ip=184.108.40.206;
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of firstname.lastname@example.org: DNS timeout) email@example.com
Received: from web403.opentranster.com (web403.opentransfer.com [127.0.0.1])
    by web403.opentranster.com (8.13.8/8.13.8) with ESMTP id lBA4k09O003839
    for <firstname.lastname@example.org>;19 Jul 2012 23:46:05 -0500
Received: (from nick2oo8@localhost)
    by web403.opentranster.com (8.13.8/8.13.8/Submit) id lBA4k0Vv003836;
    19 Jul 2012 23:46:00 -0500
Message-Id: <200712100446.lBA4k0Vv003836@web403.opentranster.com>
To: email@example.com
Subject: Your ICICI Bank Account Need Authentication To Keep Your Account Activate
From: ICICI BANK <firstname.lastname@example.org>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

Even though the email seems to start from email@example.com, it never traveled through ICICI bank servers. What does nick2008@localhost have to do with ICICI bank? To make it more clear, I checked the message headers from a genuine ICICI bank email (from which I receive my bank statement) and confirmed that this email is not from ICICI bank.
Message headers from genuine ICICI email
Received: from mlxtrend3.icicibank.com (mlxmail3.icicibank.com [220.127.116.11])
    by rly42d.srv.mailcontrol.com (MailControl) with ESMTP id l96Em0EI020395
    for <firstname.lastname@example.org>; 16 July 2012 15:48:02 +0100
Received: from masssmtp2.icicibank.com ()
    by mlxtrend3.icicibank.com (8.12.11/8.13.7) with ESMTP id l96EluHx010147
    for <email@example.com>; 16 July 2012 20:17:58 +0530 (IST)
Received: from icicibank.com ()
    by masssmtp2.icicibank.com with SMTP id l96ElYGe000813
    for firstname.lastname@example.org; 16 July 2012 20:17:43 +0530
From: Customerservice@icicibank.com
Message-Id: <201207161447.l96ElYGe000813@masssmtp2.icicibank.com>
Reply-to: Customer.Care@icicibank.com
To: <email@example.com>

Can you see the difference? Also, I noticed that the link (http://www.icicibank.com/1/2/signon?screenid=Update_Acct) in the email redirects the user to http://postoffice24x7.com/.BASHX/www.icicibank.com/personal/. Pass this message on to your friends and warn them about this email fraud.
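
The header comparison above can be automated. The following is an added example, not part of the original post: it finds the host that handed each message to the receiving server and checks whether that host sits inside the domain the mail claims to come from. The function names and the choice of `mx.google.com` and `rly42d.srv.mailcontrol.com` as the trusted receiving servers are assumptions, and the sample headers are abridged from the ones quoted above.

```python
import re
from email import message_from_string

# Constructed samples: abridged from the two header sets quoted in the post.
FRAUD = """\
Received: from web403.opentranster.com ([188.8.131.52])
 by mx.google.com with ESMTP id a13si3081136rof; 19 Jul 2012 20:46:09 -0800 (PST)
Authentication-Results: mx.google.com; spf=temperror (google.com: DNS timeout)
Received: (from nick2oo8@localhost)
 by web403.opentranster.com (8.13.8/8.13.8/Submit) id lBA4k0Vv003836
Subject: Your ICICI Bank Account Need Authentication To Keep Your Account Activate

"""
GENUINE = """\
Received: from mlxtrend3.icicibank.com (mlxmail3.icicibank.com [220.127.116.11])
 by rly42d.srv.mailcontrol.com (MailControl) with ESMTP id l96Em0EI020395
Received: from masssmtp2.icicibank.com ()
 by mlxtrend3.icicibank.com (8.12.11/8.13.7) with ESMTP id l96EluHx010147
From: Customerservice@icicibank.com

"""

# "from <helo name> (<what the receiver observed>) ... by <receiver>"
HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\).*?\bby\s+(\S+)", re.S)

def handoff(raw, trusted_mx):
    """Return (helo, observed) from the Received line stamped by trusted_mx.
    Lines below that one were written upstream and can be forged."""
    for hop in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(hop)
        if m and m.group(3).lower() == trusted_mx:
            return m.group(1).lower(), m.group(2)
    return None

def spf_result(raw):
    """SPF verdict recorded by the receiving server, or None if absent."""
    auth = message_from_string(raw).get("Authentication-Results", "")
    m = re.search(r"\bspf=(\w+)", auth)
    return m.group(1) if m else None

def check(raw, trusted_mx, claimed_domain):
    hop = handoff(raw, trusted_mx)
    helo = hop[0] if hop else ""
    inside = helo == claimed_domain or helo.endswith("." + claimed_domain)
    # A matching name alone is not proof (the HELO name is sender-supplied);
    # a mismatch or a non-"pass" SPF result is the signal to distrust the mail.
    return {"handoff": helo or None, "in_claimed_domain": inside, "spf": spf_result(raw)}

if __name__ == "__main__":
    print(check(FRAUD, "mx.google.com", "icicibank.com"))
    print(check(GENUINE, "rly42d.srv.mailcontrol.com", "icicibank.com"))
```

Only the Received line written by your own receiving server is reliable; everything beneath it is supplied by the sending side.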