[ddriver]

Quote:

Originally Posted by J.Ravi

ddriver,

Not freezing the recipient's same bank account is a blunder committed by PNB. Whether PNB has given a written reply to you in this matter? If not, immediately file a complaint with the Banking Ombudsman in RBI. Do not wait until you get a negative reply.

no written reply as the person from headquarter told me this today or should i say it has been realised today to me and bank manager that it has not been freezed by them. Should i wait or complained it to banking ombudsman immediately?

[BaCkSeAtDrIVeR]

Quote:

Originally Posted by NetfreakBombay

Disagree with this statement. This URL would not be in India.

Extradition.

Quote:

IP would be some PC sitting in US/EU/China (basically farmed into some botnet)

Does not matter. Every country takes internet fraud very seriously.

Quote:

Since IP does not belong to actual scamster, how can bank trace someone based on URL?

Do not confuse IP address from which the mail originated with the site / server hosting the malicious site. Systems can be hacked to relay spam mails; but it requires deliberate, malicious intent and express action to host a server which holds the malicious site.

Quote:

Originally Posted by ddriver

there is a new twist happened today!in morning i got a call from my branch that some person came from head quarter regarding your case and wants to meet you. so i drove down to my bank branch. he is an investigation officer of PNB and he told me that your account has been hacked by phishing and said that you must have recieved some mail from those hackers, and i told them that in last few months i didnt get any mail from PNB or a phishing mail.

Nice to know that they are indeed taking some action. So, apparently, somebody was present in India to withdraw the cash?

Quote:

Originally Posted by wanderernomad

PNB accounts are under serious hacking attempts. I was stupid enough to fall for it yesterday (though I have been using net banking for last

AFAIK, NONE OF THE BANKS SEND OUT MAILS ASKING YOU TO VISIT ANY SITE OR AUTHENTICATE YOURSELVES.

And the scamsters are sending out mails on random; not necessarily PNB customers.

So, be careful - the scamsters may turn their attention to some other bank now.

[sandeep3in]

Most of the banks now a days have 2 way authentication . first authentication is to gain access to your account and the 2nd authentication is required in case of doing a fund transfer .

Securid is considered most secure which is used by banks such as HSBC .

i also see SBI has released the secureid but they were charging the customers for the same which shouldn't be the case when it comes to security .Should it not be the bank's responsibility to make the transaction through them in the most secure way ?? Charging the customers for the same doesn't stand reasonable.

Icici also uses some kind of Grid based auth considered secure(better than passwords) but not as much as secur id

[BaCkSeAtDrIVeR]

Quote:

Originally Posted by sandeep3in

i also see SBI has released the secureid but they were charging the customers for the same which shouldn't be the case when it comes to security .Should it not be the bank's responsibility to make the transaction through them in the most secure way ?? Charging the customers for the same doesn't stand reasonable.

What exactly are you meaning to say? I have account in a State Bank group bank (and wife works there) and another Nationalised bank. I believe that State Bank group banks have almost identical web pages, and I am not charged anything for web transaction simply because it is internet based.

If I have to make a payment for a transaction at the counter, I need to pay the same on the internet site too.

Quote:

Originally Posted by sandeep3in

SBI has released the secureid but they were charging the customers for the same which shouldn't be the case when it comes to security.

I have two saving accounts in SBI with Internet banking facility. SBI Internet banking has got high transaction password which will be sent by sms to the approved mobile number, which will have to be entered. Then only fund transafer will take place. There is an option to bypass this also! As far as I know, SBI does not charge for this facility.

[NetfreakBombay]

Quote:

Originally Posted by BaCkSeAtDrIVeR

Do not confuse IP address from which the mail originated with the site / server hosting the malicious site. Systems can be hacked to relay spam mails; but it requires deliberate, malicious intent and express action to host a server which holds the malicious site.

Disagree with that.

Sites are run on compromised servers (and PCs) that do not belong to scamsters.

Case in point, Team BHP's server was running another forum that not updated. This forum was exploited to host pornographic material.

And there are bunch of PCs + websites that are not updated . Those are "harvested" and sold at bulk rates.

Practically impossible to trace culprits based on IP in this case. IP as well as server belongs to another call of "victims".

Only feasible way of catching these culprits is by tracing the money trail.

Quote:

Originally Posted by BaCkSeAtDrIVeR

What exactly are you meaning to say? I have account in a State Bank group bank (and wife works there) and another Nationalised bank. I believe that State Bank group banks have almost identical web pages, and I am not charged anything for web transaction simply because it is internet based.

If I have to make a payment for a transaction at the counter, I need to pay the same on the internet site too.

You DO NOT have to pay for transaction.

But you might have to pay for getting "secure id". This device generates a new password every few minutes. To login, you have to enter your password + password shown on secure id device.

So, even if someone knows the password, its useless unless that person also steals the device. It enhances security.

I did not have to pay for this device on other banks (mostly private).

[mithun]

Here is another phishing mail(BOI) :

Bank of India Phishing e-mail Mithun John Jacob's Ramblings

[ddriver]

Dear all,
from last 2 months i am trying hard to get my money back by each and every source and in this line i send the complaint to the Nodal officer and to the Chairman of the PNB and today there is a first mail came from delhi and it read like this:--

Quote:

Dear Sir,

With reference to your complaint, we would like to inform that the transaction in question has taken place by use Internet Banking Service by using Authorized Login ID, Password and Transaction Password. As such, bank is not responsible for any loss suffered by you, if any, through the transaction in question, as per terms & conditions of Internet Banking Service being availed by you.

As regards lodgment of First Information Report with Police Authorities, it is advised that as the offence under the provisions of the information & Technology Act has taken place at your end, you may report the matter appropriately to the Cyber Crime Cell of the concerned Police Station at your level. However, we assure to provide necessary help in the matter.

The matter is now being dealt by our Cyber Crime Cell and for any further query/information, please contact them at the following address.

The Chief Manager, Cyber Crime Cell, I.T.Division, HO: 5, Parliament Street, New Delhi-110001. Phone- 23352024.

Thanking you,

Yours Faithfully,

Senior Manager
Customer Care Centre
HO: 5,Parliament Street, New Delhi.

My question is what i can do now as all the routes are closed i guess except the consumer court.

i am really surprised as i stated in my earlier mail about -

Quote:

than during the conversation i just asked him that how the hackers on the 3rd december itself took out Rs 55000/- at once.
on this he stated that they have taken out money in denominations of Rs 10,000 each and he showed me the account of jayram on computer and i was shocked to see that the amount was taken out on 9th december!!
when i told him that i asked the bank to freeze the said account on 3rd itself, he got surprised and asked the bank manager and he said in affirmative way that indeed the request was sent to bangalore branch on 3rd dec itself.
than he was shcked to listen to this statement and told me that 99.99 percent i will get my money back because whether you have done some mistake in revealing your password to hackers but you intimate the bank on the same day and the money was lying in the hackers account for 6 consecutive days and bank did not taken any action or putting your money back so its now the bank duty to give you money.
he said i will submitt the report to bank authorities very soon.

Also the big question is that now the branch manager is saying that the money has been drawn by the other person on the 3rd december itself and 9th december date which was showing earlier was the proxy entry. Also he stated that the hacker took out money Rs. 45000/- the same day through ATM which again left a question as the account other person possessing is an underpriviledged account, so how come Rs. 45000/- can be drawn without any daylimit.
Please let me know what else i have left to do to recover my money.
regards

[COUGAR]

Actually if your legit UID/PWD was used to make the transfer then there is little than the bank can do to help you get your money back. What they SHOULD do however, is based on your complaint, track down the IP address and other details used to make the offending transfer and use that info to track down the culprit.

But that can happen only on the basis of a complaint filed by YOU at the local police station. You may or may not get your money back. However you can do something to catch the culprit and thus help others from suffering the same fate.

On another note: Not every incident of funds dissapearing is phishing. Sometimes, as i just discovered, the bank can take back the money and put it on hold for various reasons. I had transferred some money from Chase US to ICICI and 2 days after the transfer was done, the money just vanished! A call to the bank revealed that amounts transfers over a certain dollar amount were put on hold if they were deemed suspicous and for some reasons my transfer triggered an alert. It was eventually returned: 7 days later! but only after I personally visited the bank and all that.

ofcourse, one should expect that a bank like ICICI should call up and tell its customers that it is doing something like this. But they dont! We only find out when we drop a cheque that bounces!

[deepakchiniwal]

@ddriver, going by only the information you have given this looks like someone in the bank doing this act.

1. No hackers will use multiple accounts from the same bank to transfer the funds. (Read Victim and hacker's accounts). I do not suspect the case of Phishing. To be a victim of Phishing the victim has to act on the email / call by giving out information, which according to your statements you have never received the email nor have acted on any such dubious act.

I want to understand, if you use the "Save Password" feature on any browsers and/or have used any public systems to access your account.

I am assuming that your system is clean of Virus/Trojans/Malware and is using a good updated Anti virus. Plus have all system related patches up to date.

2. I very much believe the Cyber cell will not take such a long time to let you the details. Since the PNB is a "Core Bank" enabled bank, the system is so robust that you can trace back transaction to the very tiniest of information, including the IP logging etc.

3. I would want to believe, you have been a victim of the classic example of untrained employees of the bank. It has been a practice at least in India, the bank clerk goofs up the account by doing such false transfers. For e.g The amount is to be transferred from XX account to YY account, they do it either by transferring from X account to YY account, or from X account to Y account.

4. Sending emails wont work atleast in the Public sector banks. Give in Handwritten letters going further with BLUE INK only. We have not yet transformed or evolved from Handwritten complaints. Our Law is yet to wake up to standards to start accepting Emails as proof of writing complaints.

Hope at least 1% of the above comes of help to you.

[zaks]

What happened to the police complaint? Did you follow up? May be you should write to the consumer grievance cell.

[Chipz]

Did not you file a case with banking ombudsman. The banking authority has been playing with you for 3 months. I dont think you should waste more time. If possible recheck the account statement of jayram. It will show when the money was withdrawn. If it is after 3rd december, you will have a good case.

[BaCkSeAtDrIVeR]

I seriously suggest you consider meeting the CBI office in your area. They are the investigating agency in charge of Bank's frauds etc. where nationalised banks are involved.

But, if bank officials are not involved, you will be sent back to the State government authorities.

Confusion??

Here is is the easy way out.

1. Meet a lawyer.
2. Ask him to draft a letter, on your behalf (NOT a lawyer notice) to the Superintendent of police of your district (where you live / branck is situated). Send the letter by registered post, with acknowledgement due.
3. the police will decide after preliminary investigations, whether this should go the CB I or cyber cell or whatever.

This is the procedure described in the code of criminal procedure.

[vrprabhu]

Quote:

Originally Posted by ddriver

My question is what i can do now as all the routes are closed i guess except the consumer court.

Please let me know what else i have left to do to recover my money.

Been following for your travails, and was sure that this was bound to happen - unavoidable.

IMHO, you are mixing two issues into one -

(a) You lost money from your account;

(b) The bank was aware of such incidences!!

Why I am specifying the above is, we have to start at the beginning -

1. The moment you have applied for a net banking id, you have bound yourself with the terms and conditions imposed by the Bank. How many of you have a copy of the applications and the terms & conditions with you?
In your case, the terms and conditions are here - https://netbanking.netpnb.com/web/helpfile/Terms.htm

2. Every Bank has to put in place a security policy / guideline for net banking. This is broadly as per the standards set out by RBI.

3. The moment you notice something wrong in your account, you MUST bring it to the attention of the BANK in WRITING. Have you done so? Do you have a copy acknowledged by the BANK? Your complaint should be specific about "unauthorised debit / withdrawal from your account" - without getting into the part about the person who is alleged to have stolen the money, the manager being aware, freezing of account etc.

A note here - don't get into investigation part - that is BANK's headache. As a customer - you have LOST your money, and if it was BANK's fault, they have to reimburse it to you.

4. Having submitted the complaint, you have to wait a reasonable period for the bank to study it and come out with a solution.

5. In your case, thankfully, the reply received from Customer Care Centre acknowledges your complaint.

6. This letter is helpful on these counts (a) the Bank is investigating the issue - indirect admittance that there was something wrong and your complaint had merits; and (b) they have advised you to file a complaint with the Cyber Crime Cell - in which case, you can name them in your complaint and they will be forced to hand over whatever information they have.

7. Now what you have to do is (a) write back to them saying that you are not satisfied with their reply. This is the time to bring in the fact that the Bank was already aware of such phishing attacks, but had been complacent. Mark a copy of this to the concerned dept whose address has been given by them. AND ALSO to (1) the head office of PNB - let us say to General Manager, IT Dept; (2) to the customer service cell of public sector bank of your area. For each area / state, there is a designated PSB which will co-ordinate the customer complaints pertaining to any member Bank. Find out which Bank is the co-ordinator for your city. (Remember - there is no point threatening or aggravating the issue).

8. Send these complaints by registered post and obtain confirmation.

9. Wait for some more time - a couple of weeks and then send a reminder. Remind them that the issue is now ___ months old and taking an inordinately long time to get resolved. The loss of money is causing financial distress and you would like the matter to be settled in maximum time of one month etc. Keep a record of all the correspondence.

10. If the problem is not resolved to your satisfaction, then comes the time to approach the banking ombudsman.

11. You have to write a separate letter to the ombudsman, stating all the above and attaching copies of the correspondence.

A note here - ombudsman deals generally treats complaints like this : (a) deficiency / discrimination in service; (b) where there is a mistake / over charging etc. by the Bank and customer has suffered a loss which has to be made good by the bank.

12. The ombudsman will take up the matter with the bank and give a fair hearing to both the parties concerned and come out with their verdict.

If your problem is not solved, then go ahead with legal / consumer court formalities.

PS - I would advise a little patience. Things take their time to move in a PSB. They will looking for scape goats.

[Shan2nu]

Im a novice when it comes to banking.

So, what are the steps i should follow to secure my account, so that things like this don't happen to me.

As of now, i dont do net banking, all transactions are via cheque or atm debit card.

PS : Any idea how the money was transfered in the tread starters case?

Shan2nu