Fraud email (claiming to be from ICICI Bank)

Published: Dec 10th, 2007 | Author: Crank Up

I have been using the ICICI Bank online facility for the past 2 years and have found it very useful. I do most of my transactions online. But when you want ICICI Bank the most, it will let you down :-) Anyway, this is not what we are going to discuss now.

I received a mail from ICICI Bank this morning. I have attached the mail content below.

Dear ICICI Customers Upgrade 2008

Due to concerns, for the safety and integrity of the ICICI account we have issued this warning message.

It has come to our attention that your ICICI account information needs to updated as part of our continuing commitment to protect your account in this year 2008 and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

Once you have updated your account records your ICICI account service will not be interrupted and will continue as normal.

To update your ICICI records click on the following link:
http://www.icicibank.com/1/2/signon?screenid=Update_Ac ct

Thank You.

The mail looked genuine at first, then I noticed something fishy in the “From” address (riskofficer@icicibank.com). I checked ICICI Bank and found this: “ICICI Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking details like your PIN, password, account number, you should not respond.”

I decided to investigate more. I opened the email headers, which made the investigation more interesting. Here is what I found out:

Message headers from the fraud email. (For those who don’t know what email headers are: the ‘hidden’ lines of text/code above each email message. Every email sent has a header.)

Delivered-To: shobankr@gmail.com
Received: by 10.142.87.15 with SMTP id k15cs327547wfb;
    Sun, 9 Dec 2007 20:46:09 -0800 (PST)
Received: by 10.100.232.13 with SMTP id e13mr14053045anh.1197261969402;
    Sun, 09 Dec 2007 20:46:09 -0800 (PST)
Return-Path: <nick2oo8@web403.opentransfer.com>
Received: from web403.opentranster.com ([98.130.2.4])
    by mx.google.com with ESMTP id a13si3081136rof.2007.12.09.20.46.07;
    Sun, 09 Dec 2007 20:46:09 -0800 (PST)
Received-SPF: error (google.com: error in processing during lookup of nick2oo8@web403.opentransfer.com: DNS timeout) client-ip=98.130.2.4;
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of nick2oo8@web403.opentransfer.com: DNS timeout) smtp.mail=nick2oo8@web403.opentransfer.com
Received: from web403.opentranster.com (web403.opentransfer.com [127.0.0.1])
    by web403.opentranster.com (8.13.8/8.13.8) with ESMTP id lBA4k09O003839
    for <shobankr@gmail.com>; Sun, 9 Dec 2007 23:46:05 -0500
Received: (from nick2oo8@localhost)
    by web403.opentranster.com (8.13.8/8.13.8/Submit) id lBA4k0Vv003836;
    Sun, 9 Dec 2007 23:46:00 -0500
Date: Sun, 9 Dec 2007 23:46:00 -0500
Message-Id: <200712100446.lBA4k0Vv003836@web403.opentranster.com>
To: shobankr@gmail.com
Subject: Your ICICI Bank Account Need Authentication To Keep Your Account Activate
From: ICICI BANK <customer.care@icicibank.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

Even though the email seems to originate from customer.care@icicibank.com, it never traveled through ICICI Bank servers. What does nick2oo8@localhost have to do with ICICI Bank? :-) To make it clearer, I checked the message headers of a genuine ICICI Bank email (the one through which I receive my bank statement) and confirmed that this email is not from ICICI Bank.

Message headers from genuine ICICI email

Received: from mlxtrend3.icicibank.com (mlxmail3.icicibank.com [203.27.235.120])
    by rly42d.srv.mailcontrol.com (MailControl) with ESMTP id l96Em0EI020395
    for <shobankr@gmail.com>; Sat, 6 Oct 2007 15:48:02 +0100
Received: from masssmtp2.icicibank.com ()
    by mlxtrend3.icicibank.com (8.12.11/8.13.7) with ESMTP id l96EluHx010147
    for <shobankr@gmail.com>; Sat, 6 Oct 2007 20:17:58 +0530 (IST)
Received: from icicibank.com ()
    by masssmtp2.icicibank.com with SMTP id l96ElYGe000813
    for shobankr@gmail.com; Sat, 6 Oct 2007 20:17:43 +0530
From: Customerservice@icicibank.com
Message-Id: <200710061447.l96ElYGe000813@masssmtp2.icicibank.com>
Reply-to: Customer.Care@icicibank.com
To: <shobankr@gmail.com>
————————————————————————————————————————————————–
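
The comparison made by eye between the two header sets above can be scripted. This is an added example, not part of the original post: the samples are abridged from the headers on this page with the recipient replaced by a placeholder, and the function names and the two-label domain rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: abridged from the two header sets on this page,
# with the recipient replaced by a placeholder address.
FRAUD = """\
Return-Path: <nick2oo8@web403.opentransfer.com>
Received: from web403.opentranster.com ([98.130.2.4])
 by mx.google.com with ESMTP; Sun, 09 Dec 2007 20:46:09 -0800 (PST)
Received-SPF: error (google.com: DNS timeout) client-ip=98.130.2.4;
Received: (from nick2oo8@localhost)
 by web403.opentranster.com; Sun, 9 Dec 2007 23:46:00 -0500
From: ICICI BANK <customer.care@icicibank.com>
"""
GENUINE = """\
Received: from mlxtrend3.icicibank.com (mlxmail3.icicibank.com [203.27.235.120])
 by rly42d.srv.mailcontrol.com with ESMTP; Sat, 6 Oct 2007 15:48:02 +0100
Received: from masssmtp2.icicibank.com ()
 by mlxtrend3.icicibank.com with ESMTP; Sat, 6 Oct 2007 20:17:58 +0530 (IST)
From: Customerservice@icicibank.com
"""

def domain_of(value):
    """Lowercased domain of the address in a From/Return-Path value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def org(host):
    """Last two labels only (assumption: no public-suffix handling)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def analyse(raw):
    """Return a list of reasons the headers do not fit the From domain."""
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    bounce = domain_of(msg.get("Return-Path", ""))
    # Hosts named after "from" in each Received line; "(from user@localhost)" is skipped.
    hops = [m.group(1).lower() for v in msg.get_all("Received", [])
            if (m := re.match(r"\s*from\s+([\w.-]+\.[A-Za-z]{2,})", v))]
    findings = []
    if bounce and org(bounce) != org(sender):
        findings.append(f"Return-Path {bounce} is not under {sender}")
    if not any(org(h) == org(sender) for h in hops):
        findings.append(f"no Received hop is under {sender}")
    spf = msg.get("Received-SPF", "").split()
    if spf and spf[0].lower() != "pass":
        findings.append(f"SPF result is {spf[0]}")
    return findings
```

Received lines below the one written by your own mail server are supplied by the sender and can be forged, so treat the hop check as a hint and give more weight to the SPF verdict your server recorded.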

Can you see the difference? I also noticed that the link (http://www.icicibank.com/1/2/signon?screenid=Update_Ac ct) in the email redirects the user to http://postoffice24x7.com/.BASHX/www.icicibank.com/personal/. Pass this message to your friends and warn them about this email fraud.
