Commercial Bank of Ceylon Limited

E-mail and Online Fraud

What is e-mail fraud?

Phony e-mail messages sent to you for the purpose of stealing personal and financial information are among the most common types of e-mail fraud.

Disguised as legitimate e-mails and claiming to be from sources you trust, these messages attempt to entice you to provide your confidential information (On-line IDs, Passwords, National Identity Card & Passport numbers and account numbers, ect..) This unhealthy practice is commonly known as phishing or spoofing, in the IT terminology, which is commonly used by criminals to gain access to your existing accounts or to use your personal and financial information to open new accounts.

How to spot a fraud ?

	Spotting phony e-mail messages is not always easy, because the criminals who use them are becoming more sophisticated in creating them.
	Phony e-mail messages may ask you to reply directly or click on a link that takes you to a fraudulent web site that appears to be legitimate. In either case, they will generally ask you to provide sensitive personal, financial or account information.

Here are some tips for spotting phony e-mails :

Urgent appeals. Frequently, these e-mails claim that your account may be closed if you fail to confirm, verify or authenticate your personal information immediately.

Requests for security information. Fraudulent e-mails often claim that the bank has lost important security information that needs to be updated. They may also request the user to visit and update this information online.

Typos and other errors. Fraudulent e-mails or web sites may contain typographical or grammatical errors. The writing may also be awkward, stilted or inappropriate. The visual or design quality may be poor.

How to protect yourself against e-mail or online fraud ?

	Make sure the security features of your computer software, including your web browser, are up-to-date.
	Don't take anything for granted. Always keep in mind that forging e-mails and creating fraudulent web sites are not difficult.
	Confirm the validity of all requests for sensitive personal, financial or account information, particularly if they are made with an urgent or threatening tone.
	Call the bank directly on Tel: + 94 11 5359152 to confirm requests for updating or verifying personal or account information.
	Do not share your User IDs or passwords with anyone. Choose passwords that are difficult for others to guess and use a different password for each of your User ID. Use both letters and numbers and a combination of lowercase and uppercase if the passwords are case sensitive. Change your password regularly.
	If you think you may have provided personal or account information in response to a fraudulent e-mail or web site, report the fraud immediately to the bank on Tel: + 94 11 5359152 and change your password. Make sure to monitor your account activity frequently.
	Always sign off from the Online Banking facility after use, for which you used a User ID and password to enter.
	Be careful and selective before providing your e-mail address to a questionable web site. Sharing your e-mail address makes you more likely to receive fraudulent e-mails.