Fake bank websites are fraudulent replicas of legitimate banking portals designed to steal sensitive information from users. Cyber criminals replicate the look and feel of a genuine bank’s website, including:

• Bank logos
• Font styles
• Color schemes
• User interface (UI) element

Even the domain names are altered subtly to appear legitimate, often using tactics such as:

• Typo-squatting: Slight spelling errors (e.g., www.iccibank.com instead of www.icicibank.com)
• Homoglyph attacks: Using similar-looking characters like the number ‘0’ in place of the letter ‘O’

When the user clicks on the link provided in the message, they are redirected to a fake bank website. These websites are expertly designed to mimic the official bank portal. Here’s how attackers make the website convincing:

• The URL might look almost identical to the official website but with minor changes, such as www.hdfcbakn.com instead of www.hdfcbank.com.
• The page design uses bank logos, color schemes, and even security padlocks to appear genuine.
• Fake websites sometimes use an HTTPS certificate to appear secure, even though they are fraudulent.

Once the cybercriminal receives the victim’s banking details, they act immediately to:

• Log into the real bank account using the stolen credentials
• Transfer funds to mule accounts (accounts used solely to transfer stolen funds)
• Use saved cards for online purchases or cash withdrawals
• Change account settings to prevent the victim from accessing their own account (e.g., changing the password)

If the attacker requires an OTP for verification, they often trick the victim into providing it under the guise of a security check. Some advanced scams even intercept SMS-based OTPs using malware.

• Social Engineering: Cybercriminals manipulate emotions like fear (account suspension) or greed (cashback offers) to trick victims.

• Technical Precision: Fake websites are often near-perfect replicas of real banking sites.

• Lack of Awareness: Many users aren’t trained to recognize subtle signs of a phishing attempt, like minor domain changes or grammatical errors.

• Real-Time Execution: Attackers act swiftly once they have access to prevent victims from reversing transactions.

1. Rapid Digital Adoption

2. Lack of Cyber Awareness

A significant portion of the population is unaware of the risks associated with phishing scams or how to identify fraudulent websites.

3. Language Barriers

4. Weak Security Practices

Common mistakes made by users include:

• Reusing passwords across multiple accounts
• Ignoring security warnings from browsers
• Failing to use two-factor authentication

Online frauds in banking are getting more and more common. Being aware and careful is necessary to avoid internet banking fraud. As a safety measure, one should take the following precautions:

• Use Strong Passwords:One should create strong and unique passwords for their online banking accounts. They should avoid using easily guessable passwords like birth dates or name-surname combinations and update their passwords regularly.
• Enable Two-Factor Authentication (2FA): two-factor authentication adds an extra layer of security to online banking accounts. It typically involves using something one knows (such as a password) and something one has (such as a fingerprint or an OTP sent to their mobile) to verify their identity.
• Be Cautious with Emails and Links: One should be cautious with emails, especially those asking for personal information or urging one to click on suspicious links. One should always verify the authenticity of emails and links before providing any confidential information and avoid clicking on links or downloading attachments from unknown sources.
• Keep Software Updated: One should keep their computer, mobile device and all software, including antivirus and anti-malware programs, up-to-date with the latest security patches. This helps protect against known vulnerabilities that cybercriminals may exploit.
• Be Wary of Public WiFi: One should avoid conducting online banking transactions on public WiFi networks, as these networks may not be secure and can be easily intercepted by hackers.Check Bank Statements Regularly: One should review their bank statements and transaction history regularly. One should report the bank immediately in case of any suspicious activity.
• Be Skeptical of Unsolicited Calls: One should be sceptical of unsolicited phone calls or messages asking for personal or banking information. Legitimate financial institutions will never ask for confidential information over the phone or through messages.

1. Immediately Contact Your Bank

• Report fraudulent transactions
• Request to block or freeze your account temporarily

2. File a Cybercrime Complaint

• Visit the National Cyber Crime Reporting Portal: https://cybercrime.gov.in/

• Provide all relevant evidence, including screenshots and transaction details

3. Update Your Passwords

• Change your banking and email passwords immediately, and avoid using the same password for multiple accounts.

4. Enable Real-Time Transaction Alerts

• Activate SMS or email alerts for all transactions to monitor any unauthorized activity.