Canara Bank never sends any such emails asking for confidential/personal details of any customers. Please report immediately on firstname.lastname@example.org or email@example.com if you receive any e-mail purported to be originated by Canara Bank to gather your Username or Password or any other personal information. This may be a phishing mail.”
is a common form of Internet piracy. It is deployed to steal
users' personal and confidential information like bank account
numbers, net banking passwords, credit card numbers, personal
identity details etc. Later the perpetrators may use the
information for siphoning money from the victim's account
or run up bills on victim's credit cards. In the worst case
one could also become the victim of identity theft. A few
customers of some other Indian banks have been affected
by the attempt of phishing during the early 2006. Phishing
scams take advantages of software and security weaknesses
of the clients. But even the most high-tech phishing scams
work like old-fashioned con jobs, in which a phisher convinces
his mark that he is reliable and trustworthy Since most
people won't reveal their bank account, credit card number
or password to just anyone, phishers have to take extra
steps to trick their victims into giving up this information.
This kind of deceptive attempt to get information is called
We would like you to be aware of methodologies in a 'Phishing'
attack, do's and don'ts in sharing of personal information
and the action to be taken in case you fall prey to a phishing
Phishing attacks use both social engineering and
technical subterfuge to steal customers' personal
identity data and financial account credentials.
- Customer receives a fraudulent e-mail seemingly
from a legitimate Internet address.
- The email invites the customer to click
on a hyperlink provided in the mail.
- Click on the hyperlink directs the customer
to a fake web site that looks similar to the
- Usually the email will either promise a
reward on compliance or warn of an impending
penalty on a non compliance.
- Customer is asked to update his personal
information, such as passwords and credit
card and bank account numbers etc.
- Customer provides personal details in good
faith. Clicks on 'submit' button.
- He gets an error page.
- Customer falls prey to the phishing attempt.
- Do not click on any link which has come
through e-mail from an unexpected source.
It may contain malicious code or could be
an attempt to 'Phish'.
- If you get an e-mail that you believe is
a phishing attempt, you do not reply to it,
click on the links or provide your personal
- Do not provide any information on a page
which might have come up as a pop-up window.
- Never provide your password over the phone
or in response to an unsolicited request over
- Always remember that information like password,
PIN, TIN, etc are strictly confidential and
are not known even to employees/service personnel
of the Bank. You should therefore, never divulge
such information even if asked for.
- Always logon to a site by typing the proper
URL in the address bar.
Give your user id and
password only at the authenticated login
- Before providing your user id and password
please ensure that the page displayed is an
https:// page and not an http:// page. Please
also look for the lock sign ( ) at the right
bottom of the browser and the certificate
from the verification authorities.
- Provide your personal details over phone/Internet
only if you have initiated a call or session
and the counterparty has been duly authenticated
- Please remember that bank would never ask
you to verify your account information through
- If you feel that you have been phished
or you have provided your personal information
at a place you should not have, please carry
out following immediately as a damage mitigation
- Change your password immediately. If you
use the same password at other sites, we suggest
you to change your passwords there, too.
- Report to the bank by clicking on the link
'Report Phishing' on login page.
- Check your account statement and ensure
that it is correct in every respect.
- Report any erroneous entries to Bank.