The Cyber Crime Police of the CID has arrested five persons accused of phishing of bank accounts in the city. The Cyber Crime Police Station had received complaints from some account holders that they had fallen prey to the phishing attack. The victims had their accounts in different banks across the city.

During the course of investigation it emerged that when the account holders unwittingly responded to the phishing mails, they could not subsequently access their accounts as their contact information, passwords, contact phone numbers and other details had been changed.

The fraudsters allegedly cleaned up the accounts, allegedly transferring the money to several other accounts in Mumbai and north India. The phishing mails were traced to Nigeria and other African countries.

The five arrested on Wednesday are Abdul Khair Khan (31) from Mumbai, Pratik D. Maurya (24) from Thane district of Maharashtra, Mohammed Khafil Syed (32) from Mumbai, Durgesh Rajput Tiwari (21) from Mumbai and Saleem Khan (36) from Hyderabad.

In an attempt to educate the public in the light of these arrests, the CID police explained in a release that phishing is a technique which is deployed to steal confidential financial information like bank account numbers, net banking passwords, credit card numbers and personal identity details.

How it happens

Phishing attacks take place in the following fashion: Internet banking user receives a fraudulent email seemingly from a legitimate Internet address.

The email invites the user to click on a hyperlink. User clicks the hyperlink and is redirected to a fake website that looks similar to the genuine banking site.

Usually the email will either promise a reward on compliance or warn of an impending penalty on non-compliance. User is asked to provide confidential information, such as login/profile or transaction passwords and bank account numbers. User provides the details in good faith and clicks ‘submit' button. User is displayed an error page. User has fallen prey to a phishing attack.

The don'ts

The public has been advised not to click on any link from an unknown source; provide any information on a page which might have come up as a pop-up window; provide password over the phone or in response to an unsolicited request over email.