Internet Banking as a new type of financial services in the Information Age is gaining popularity among the banking customers. Yet, spoof websites stop some of them going online. How to recognize and counteract disgusting fake websites? ICBC online banking experts draw some of the cases and offer tips to help you "wage battle" over them.

I. What is fake website scam
Fake website scam is a form of "phishing". Phishers, pretending to be a legitimate bank,  set up a site that looks like a bank website or online banking web page and send you fraudulent messages to steal your online banking registration card No. (Logon ID), password, code card and then your money.
Fake website scams started in North America and made their way to Asia in 2003. Numerous cases have been reported in Hong Kong about A/C password, and money stolen from online banking users by spoof websites. Counterfeit bank websites began to show up in Mainland China since 2004. Scores of internet security incidents in the media let online banking security become a major concern of all.

II. Types of fake websites
1. Authentic-looking website address. In China, it's very cheap to register a domain name. Scammers usually use domain names very similar to real websites in order to make the fake websites look genuine.
2. Similar web page and content. Fake websites include LOGO, images, news and links of the real websites to make the websites appear legitimate, using similar layout and content. 

III. Scammer tricks
1. Use virus to broadcast fake websites 
Scammers clone a web page which looks almost identical to a real bank web page and choose logon address very close to the bank's website address. Then they send the URL of the fake website to your computer using virus or spam software and place the URL on the search websites to trick you logon and reveal your card No., password. We have found fake websites such as “http://www.1cbc.com.cn”, “http://mybank.iclc.com.cn/”, “http://www.icbc.dizhen.com” very similar to ICBC website URL: http://www.icbc.com.cn, https://mybank.icbc.com.cn.
2. Send fraudulent SMS that appear to be from a bank
Scammers send fraudulent SMS to your mobile phone purportedly from your bank, telling that you win the lucky draw or your account has been stolen. You are then asked to confirm your account information by logging on the website specified in the SMS. The website is actually a fake website set up by the phishers to steal your information. If you logon the fake website, your personal particulars (card No., password, ID No.) will be captured by them.
3. Send fraudulent emails claiming to be from a bank and trick you logon fake website
Scammers send fraudulent email messages in junk asking you to click the link in the email and logon an interface that looks very similar to a bank web page. Reasons can be: you win a lucky draw, give you advice, reconcile your accounts, your account number has been frozen, or upgrade of the bank system. Once you click on the link, your card (A/C) No., password will be captured if you enter. Lately, scammers send emails to ICBC customers in the name of "ICBC Online Security Division", asking cardholders to change password at a specified web page to recover their frozen account. 
4. Erect faked e-commerce websites, use faked payment web page to steal customers' online banking information
First of all, cybercriminals erect a bogus e-commerce website, then publish counterfeit merchandise at Taobao, QQ.com or other e-commerce websites. The prices of the counterfeit merchandise are usually far cheaper than similar products in the market. The cybercriminals also leave their QQ No., MSN or other instant messaging No., and URL of the fake e-commerce website. When you decide to buy the attractive low-priced merchandize and pay online through the website, you are then re-routed to a seemingly legitimate payment web page of a bank. The cybercriminals capture your card No., password once you enter the faked payment web page.

IV. Eight Tips to avoid fake website scams
1. Use USB-Shield
USB-Shield (certificate for Personal Internet Banking customers) is the first patented "Intelligent Guard" for protecting online banking users launched by ICBC in the country. Once you have a USB-Shield, you can bank online freely as long as you keep your USB-Shield and password safe on hand. No need to worry about being attacked by hackers, fake websites or trojan virus. 
2. Reserved Verification Information 
"Reserved Information Verification" is an ICBC service to help customers effectively identify fake bank websites and stop scammers to use fake websites to defraud gullible respondents. You only need to supply a paragraph of words to ICBC in advance (" reserved information”). When you logon ICBC Personal Internet Banking, make online payment at shopping websites or sign autopay agreements online, your reserved information will be displayed automatically on the web page for you to check if the website is the true ICBC website. Otherwise, the website is fake if you cannot find your reserved information on the web page or the displayed information is different from what is given by you.
3. Enter Correct URL
Type the correct ICBC website address and add into your IE browser "folder" for easy logon later. Do not click on any hyperlink to access ICBC website.
ICBC web portal URL: http://www.icbc.com.cn;
ICBC Personal Internet Banking (English) logon URL: https://mybank.icbc.com.cn/icbc/enperbank/index.jsp.
4. Check Website Address
When you logon ICBC Internet Banking or pay online, check if the URL is the same as the URL announced by ICBC. Beware of scams to steal your confidential information at faked websites that look similar to ICBC website. The URLs of ICBC Personal Internet Banking logon page and online payment web page all start with https://mybank.icbc.com.cn.
5. Check Padlock
128-bit SSL encryption is used for ICBC Personal Internet Banking home page and online payment web page. After opening the above web pages, check if a "padlock" is displayed on the status bar at the bottom right hand corner of the browser. Click the lock, you should see the following:
On the Internet Banking logon web page, the certificate matched with the padlock icon displayed on the status bar at the bottom right hand corner of the browser should be:
Issued to: mybank.icbc.com.cn - Internet Banking (General Edition)
                    vip.icbc.com.cn - Internet Banking (VIP Edition)
Issued by: veriSign Class 3 Extended Validation SSL SGC CA
6. Spot Faked E-Commerce Websites at ICBC "Shopping Mall"
When you pay online, if you do not know if the e-commerce website is a fake, logon ICBC website, go to ICBC "Shopping Mall" and check if the e-commerce website has signed up ICBC online payment service. Please remember, true ICBC online payment web page will prompt you to enter payment card No. and verification code first. After you enter correctly, ICBC web page will display your reserved information for you to verify. If you find the returned information is incorrect or you have question on it, stop the payment immediately and call 95588. If correct information is returned, follow the instructions, insert your USB-Shield and enter password. If you use a code card, follow the two coordinates given and enter the password matched under the coordinates, then finish the online payment.
One special point: Every time when you pay online, ICBC system only gives you two coordinates to enter the password. You should be careful if the website asks you to enter password for more than two coordinates. Call ICBC customer hotline 95588 to confirm.
7. Update Your Software
Install a firewall in your computer. By keeping the software up to date, you make it more difficult for hackers to steal your account information. Besides, to stop others using your software vulnerabilities to access the information in your computer, you should download latest Windows OS patches and make sure they are applied.
8. Stay Alert
ICBC has assigned a special department to manage ICBC website and ensure the website is running smoothly, no "system maintenance" in general. ICBC system will suspend services in case of major upgrade. Advance notice will be given to all customers at the web portal or through 95588 service hotline. ICBC never uses email, SMS, phone calls to ask customers to change password at a specified web page. Moreover, a bank never informs customers by email, SMS or phone calls that they have won a lucky draw, and asks customers to pay tax or postage before collecting the prize. If you receive this type of email, SMS or phone calls, call ICBC customer service hotline 95588 directly and report.

ICBC website address: http://www.icbc.com.cn, customer service hotline: 95588.