In the midst of increasing phishing attacks on a daily basis, which is a fraud tactic used by fraudsters to get an individual's confidential information such as bank account numbers, net banking passwords, credit card numbers, and so on. By collecting these details, the fraudster steals the individual's money and causes him or her to become a victim of a phishing scam. It is best practice to keep your mouth shut when you receive a call from a scammer asking for your confidential information. However, in order to improve security, the country's largest lender, State Bank of India (SBI), has published several Do's and Don'ts on its website, which banking customers should read as a must-do chore.

Methodologies take place in a phishing scam

• Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials.
• Customer receives a fraudulent e-mail seemingly from a contractual Internet address.
• The email invites the customer to click on a hyperlink provided in the mail.
• Click on the hyperlink directs the customer to a fake website that looks similar to the genuine site.
• Usually the email will either promise a reward on compliance or warn of an impending penalty on a non compliance.
• Customer is asked to update his personal information, such as passwords and credit card and bank account numbers etc.
• Customer provides personal details in good faith. Clicks on 'submit' button.
• He gets an error page.
• Customer falls prey to the phishing attempt.

Don'ts by SBI

• Do not click on any link which has come through e-mail from an unexpected source. It may contain malicious code or could be an attempt to 'Phish'.
• Do not provide any information on a page which might have come up as a pop-up window.
• Never provide your password over the phone or in response to an unsolicited request over e-mail.
• Always remember that information like password, PIN, TIN, etc are strictly confidential and are not known even to employees/service personnel of the Bank. You should therefore, never divulge such information even if asked for.

Do's by SBI

• Always log on to a site by typing the proper URL in the address bar.
• Give your user id and password only at the authenticated login page.
• Before providing your user id and password please ensure that the URL of the login page starts with the text 'https://' and is not 'http:// '.The 's' stands for 'secured' and indicates that the Web page uses encryption.
• Please also look for the lock sign (lock icon) at the right bottom of the browser and the verisign certificate.
• Provide your personal details over phone/Internet only if you have initiated a call or session and the counterpart has been duly authenticated by you.
• Please remember that the bank would never ask you to verify your account information through an e-mail.

The bank has mentioned on its website "SBI never sends email /SMS or makes phone calls for getting customer information. Please report immediately [email protected] if you receive any e-mail purported to be originated by SBI to gather your Username or Password or any other personal information" which customers should keep in mind while getting fraud calls.