'Phishing' is a common form of Internet fraud. It is used to steal confidential financial information such as bank account numbers, net banking passwords, credit card numbers and personal identity details. The perpetrators may later use that information to siphon money from the victim's account or to run up bills on the victim's credit cards. In the worst case, the victim may also suffer identity theft. In early 2006, a few customers of some other Indian banks were affected by phishing attempts.
The following section details the methodology of a 'Phishing' attack, the do's and don'ts for sharing confidential information, and the corrective action to be taken by a victim of a phishing attack.

Phishing attacks use both social engineering and technical subterfuge to steal customers' personal identity data and financial account credentials. A typical attack proceeds as follows:
1. The Internet banking user receives a fraudulent e-mail that appears to come from a legitimate Internet address.
2. The e-mail invites the user to click on a hyperlink provided in the mail. Usually the e-mail either promises a reward for compliance or warns of an impending penalty for non-compliance.
3. The user clicks the hyperlink and is redirected to a fake web site that looks similar to the genuine Internet banking site.
4. The user is asked to provide confidential information, such as login/profile or transaction passwords and bank account numbers.
5. The user provides the details in good faith and clicks the 'submit' button.
6. The user is shown an error page.
7. The user has fallen prey to a phishing attack.
Do's and don'ts in sharing confidential information:

- Do not click on any link that has come through e-mail from an unknown source. It may contain malicious code or could be a 'Phishing attack'.
- Do not provide any information on a page that has come up as a pop-up window.
- Never provide your password over the phone or in response to an unsolicited request over e-mail.
- Always remember that information like password, PIN, TIN, etc. is strictly confidential and is not known even to employees/service personnel of the Bank. You should therefore never divulge such information, even if asked for it.
- Always log on to a site by typing the proper URL in the address bar.
- Before providing your user id and password, please ensure that the URL of the login page starts with the text 'https://' and not 'http://'. The 's' stands for 'secured' and indicates that the Web page uses encryption.
- Always look for the lock sign (padlock icon) at the bottom right of the browser and the VeriSign certificate.
- Provide your personal details over phone/Internet only if you have initiated the call or session and you have duly authenticated the counterpart.
- Please remember that the bank would never ask you to verify your account information through an e-mail.
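The attack steps above and the advice to check the address of the login page can be turned into an automated check that a bank's mail-filtering or awareness team might run over an incoming e-mail: extract every link, confirm the scheme is 'https', confirm the host is the bank's own host (or a subdomain of it, not merely a host that contains the bank's name), and flag links whose visible text shows one address while the link actually points elsewhere. The example below is added here and is not code from the original page or from any bank; the host onlinebanking.examplebank.in and the sample e-mail are constructed for illustration. Note that 'https://' on its own only shows that the connection is encrypted; it is the host check that tells you who you are talking to.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed legitimate Internet banking host for this example (not from the page).
LEGITIMATE_HOST = "onlinebanking.examplebank.in"


def host_is_legitimate(host, legit=LEGITIMATE_HOST):
    """True only if host is exactly the bank's host or a subdomain of it.

    A plain substring test ('examplebank.in' in host) would wrongly accept
    a lure such as onlinebanking.examplebank.in.verify-login.example.
    """
    host = host.lower().rstrip(".")
    return host == legit or host.endswith("." + legit)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from the anchors of an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, text):
    """Return the reasons a link looks like a phishing lure (empty list = no finding)."""
    findings = []
    parsed = urlparse(href)
    hostname = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        findings.append("not https")
    if not host_is_legitimate(hostname):
        findings.append("host %r is not the bank's" % hostname)
    # If the visible text itself looks like a URL, it must agree with the real target.
    shown = re.match(r"https?://([^/\s]+)", text)
    if shown and shown.group(1).lower() != hostname:
        findings.append("text shows host %r but link goes to %r"
                        % (shown.group(1).lower(), hostname))
    return findings


def scan_email_html(html):
    """Map every link in the e-mail body to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}


# Constructed sample lure: the first link displays the bank's address but points
# to an unencrypted look-alike host; the second is a genuine help page.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended unless you verify it now.</p>
<a href="http://onlinebanking.examplebank.in.verify-login.example/">https://onlinebanking.examplebank.in/</a>
<a href="https://onlinebanking.examplebank.in/help">Help</a>
"""

if __name__ == "__main__":
    for link, reasons in scan_email_html(SAMPLE_EMAIL).items():
        print(link, "->", reasons or "ok")
```

The suffix test in host_is_legitimate is the part most worth copying: a lure host is usually built by putting the bank's real name in front of the attacker's domain, so the bank's name appearing somewhere in the address proves nothing, while the address ending in the bank's registered host does.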
If you feel that you have been phished, or that you have provided your personal information at a place you should not have, please carry out the following damage mitigation measures immediately:

- Change your login/profile/transaction password immediately.
- Report the incident to the bank.
- Check your account statement and ensure that it is correct in every respect.
- Report any erroneous entries/transactions to the bank.
- Use the other compensatory controls provided by the bank, such as setting trusted third parties to zero and enabling high security, to minimize the risk.