The SMS, sent from "JM-BOIIND-S," warned that my account "would become dormant on 14-02-2027" and insisted, "Please do transaction in this account."
A warning for a year from now? Why would BOI send this today? I had little reason to doubt the sender's address, as I’ve received legitimate transaction alerts from it before. Still, it made no sense.
I assumed BOI—a nationalised bank often associated with careless handling—had simply mistyped the year. It should have been 2026. So, late in the evening, I decided to do a small transaction of just about ₹100 to prevent my account from going dormant.
I picked up my tablet and tried reaching BOI's online login site through Chrome. That’s when things got alarming.
Instead of the login page, I saw this warning: "Your connection is not private. Attackers might be trying to steal your information from uaibconnect.bankofindia.bank.in (for example, passwords, messages, or credit cards)..."
Undeterred, I tried to proceed. The next message was even more startling. It stated that the website "normally uses encryption to protect your information," but this time, it "sent back unusual and incorrect credentials." Why? Chrome explained: "This may happen when an attacker is trying to pretend to be uaibconnect.bankofindia.bank.in, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged."
It added that I could not visit the site "right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."
So, was the SMS fake? A cleverly disguised phishing attempt? Or is the bank's website genuinely compromised?
I honestly don't know. But Bank of India should issue a clarification—if, of course, it cares about its customers.
Comments