ICICI Bank – Fake Site

Got this a little earlier in the day from a friend. Seems ICICI has a duplicate site , and surprisingly both have a secured SSL from verisign – be careful!


Here are the both the URLs, they are same, except there is a space (%20) at the end of the phishing URL.

FAKE
https://infinity.icicibank.co.in/BANKAWAY?Action.

RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N%20

 

REAL
https://infinity.icicibank.co.in/BANKAWAY?

Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N

icici12.jpgicici21.jpg

Fake                           Real

 

 
Advertisements

5 thoughts on “ICICI Bank – Fake Site

  1. I’m not sure this can be a fake site at all.
    As the domains are exactly the same they page request from the user will arrive at exactly the same web server or web farm etc).
    What you’re seeing is a difference in the presentation by the same server based on information in the querystring.
    It’s the domain that has the certificate therefore I’m confident it’s all fine.

  2. Anybody noticed that Fake link provided by punchoo is opening ‘http://www.icicibank.com/’. While real link opens ‘https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N’.

    Note the different ‘http’ vs ‘https’. ‘https’ is secure while ‘http’ is not. Even if fake link might be genuine icici link but since it is Not ‘https’ data you entered can be easily tapped. It is very hard to tap data entered into site with ‘https’ because data will be encrypted.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s