Sender email id is not shown in mobile. Clicking [Verify now] opens a phishing site:
https://zcs.instantia.com/homelogon/app/MY-ACCO...
Instead of posting here, you should alert HDFC via Twitter.
I request you/the admin remove the link immediately.
budweiser wrote:Modi: Youth hee desh ka bhavishya hsi.
Sender email id is not shown in mobile.
ArasuS wrote:they do nothing. they will just say avoid clicking suspicious links and don't share opts.Instead of posting here, you should alert HDFC via Twitter.
I request you/the admin remove the link immediately.
praveersavarkar wrote:Kids now-a-days unaware of e-mail header or how to check raw message!
Youth:
Vu and KG++
Got the same mail, for a moment I thought it was genuine as my account is kind of actually blocked right now 😅
But just to be sure I checked the mail id first and it was some .nz mail id
dealpanda wrote:Although possibly different for different victims, still
But just to be sure I checked the mail id first and it was some .nz mail ID
So that others can sense Amy pattern.
And those using browsers, even on the mobile site), can check sender details by tapping on 'view original message' or some such thing in your e-mail provider's site.
For gmail, using the basic html interface does it. https://mail.google.com/?ui=html.
praveersavarkar wrote:
Although possibly different for different victims, still
if you can share the address.So that others can sense Amy pattern.
And those using browsers, even on the mobile site), can check sender details by tapping on 'view original message' or some such thing in your e-mail provider's site.
For gmail, using the basic html interface does it. https://mail.google.com/?ui=html.
Mail id of the sender is [email protected] .co .nz
dealpanda wrote:Thanks, can add the domain or the pattern to the spam filter.Mail id of the sender is [email protected] .co .nz
This is why 2FA is required...
Always pay attention to the URL (domain name in particular*) while logging into banking websites
https:// subdomain (netbanking / cards). domain( same as official site, hdfcbank in this case) .com
netbanking. hdfcbank.com - ✔
hdfcbank. netbanking.com - ❌
Anything else - ❌
Agnivo007 wrote:Can end up giving a false sense of security, when things really end up going down south in reality.This is why 2FA is required...
praveersavarkar wrote:Still one gets OTP/TOTP as additional layer of security even if account userid/password is phished...
Can end up giving a false sense of security, when things really end up going down south in reality.
Agnivo007 wrote:Not about banks, but in so far as lesser stuff like shopping portals are concerned, have had confirmed cases of (even Dimers) people loosing access to hackers despite two-factor.
Still one gets OTP/TOTP as additional layer of security even if account userid/password is phished...
Update: site taken offline after my complaint to domain registrar.
guest_999 wrote:Update: site taken offline after my complaint to domain registrar.
Great job!
Hdfc display some customized message also.. after entering user ID.
Most of the times to see balance login OTP is a problem...better to have some option like display message
hese wrote:Yes there is a security image option enabling which results in display of that security image(which you chose) after entering user id to confirm you are on genuine hdfc netbanking page(phishing websites won't have that customized security image linked with your user id).Great job!
Hdfc display some customized message also.. after entering user ID.
Most of the times to see balance login OTP is a problem...better to have some option like display message
Reporting these kind of things is pain in the ass. Banks should make it easier to make a complaint with regards to phishing and spams instead of asking a user to fill a form with long list of details.
