My Security

Caution on Phishing Scams

Take great caution if one day you receive an e-mail requesting information about your account, including your User ID, PIN, card number or account number, or even a notification asking you to make a transfer in order to win a certain lottery, because it may turn out to be an e-mail scam. This type of scam is also known as phishing.

What is phishing?

Phishing is an illegal technique to obtain your personal information, including your User ID, PIN (Personal Identification Number), bank account number or credit card number. The fraudster uses this information to access your account, to defraud your credit card, or to guide a bank customer into transferring an amount of money to a certain bank account in order to win a prize.

It is a common and widely recognized technique. As of January 2005, the use of this scam technique had increased 42% from the previous month. The Anti-Phishing Working Group (APWG), in its monthly report, recorded 12,845 new e-mails and 2,560 fake sites used to facilitate phishing. The quality of the attacks has also increased: the fake sites are placed on servers that are not equipped with the standard protocol, and are therefore undetected.

How is phishing done?

Widely used phishing techniques are:

  1. Using fake e-mails and graphics to deceive bank customers into taking the message for a real e-mail. To make it more convincing, fraudsters usually put official brands or bank logos on the website. The trick is used to lure customers into giving up their personal data, such as passwords, PINs and credit card numbers.
  2. Creating a fake website similar to the official site, or sending e-mail containing links to the fake site.
  3. Creating a hyperlink to the fake website, or attaching an application form to the e-mail sent.

Prevention of phishing

To prevent phishing, do not be easily persuaded to follow any instructions about account information given in an e-mail that links to a certain bank site. Please be alert if you receive this type of e-mail under the name of Bank Mandiri. Bank Mandiri has implemented a policy of not asking our bank customers to update their data through e-mail.

There are several steps to protect yourself from phishing scams:

  1. Always type the complete URL of the official bank’s website address on your browser menu bar, for example:
  2. Do not share or give your User ID or PIN to anyone else, even to Bank Mandiri’s staff. Bank Mandiri never asks for your PIN under any circumstances.
  3. Should you receive an e-mail notification stating that Bank Mandiri is going to close your account or User ID and requiring confirmation of personal data, please do not reply or click the link in the e-mail.
  4. Do not be easily persuaded by suggestions to transfer an amount of money into a certain account in order to win a prize. It is advisable to obtain complete information from Bank Mandiri.

Do we need to report any suspicious e-mails?

Should you have any questions about an e-mail sent by Bank Mandiri, or should you feel that someone is attempting to scam your account under the name of Bank Mandiri, please Call Mandiri on 14000 from your telephone or mobile phone to confirm.
