Phishing FAQs

What is phishing?

Online phishing is a method of identity theft meant to trick an unsuspecting user to reveal personal or financial information online. Phishers pretend to be trusted businesses in order to steal usernames, passwords, credit card numbers, billing information etc.

How should I know, if it is Phishing email?

A. Phishing scam will ask you for personal information. Any email that you get from a reputable institution - Samba, eBay, Amazon, etc. - will NEVER EVER ask you for your password or your other personal information.

The message appears to be coming from Samba or another website that asks you to take action of some sort (e.g., update account information). It is the type of information that's being requested that should serve as a warning to you. Do not respond to the following:

Do not respond to the following:

  • Urgent requests for personal financial information
  • Alarmist statements that tell you to act immediately
  • Requests for "restricted" information, including usernames, passwords and account numbers
  • Messages with an unusual ‘From’ address or an unusual ‘Reply-To’ address

Sample Bogus sites

Note that the screenshot above appears to be legitimate at first sight, but it is not. The browser address bar shows a URL other than that of Samba.

Samba will never ask you for your username, password, or similar restricted data, through email, phone, text or any other means.

What if I receive a phishing email?

In case you receive a phishing email from someone posing as Samba,

  • Do not respond to the email.
  • Forward that email immediately to
  • Delete the email without clicking on any link in the email
  • Ignore any phone number mentioned in the email

What if I receive a phone call asking for my personal details?

Samba will never call you and ask for your personal details. Such phone calls are NOT legitimate. In case of such a request, call SambaPhone and give them the Caller ID.

If I come across a website I think is phishing, how do I report it?

Report a phishing Web site by calling SambaPhone or by sending website URL to and we'll investigate

What should I do if I think I've entered my personal or financial information into a phishing website or I've been a victim of phishing?

Please do the following immediately:

  • Contact SambaPhone and tell them about the email and what sort of information you have entered.
  • Follow the instructions from the SambaPhone professional
  • Change the passwords or PINs on all your online accounts immediately

How did the phishers get my email address?

Phishers do not target individuals, but send out thousands of scam emails to randomly generated email addresses in the hope that some will be successful. They also search the web for valid addresses they can use and exchange this information with each other. If you have ever posted on an internet forum or published something on the web, there's a good chance your address will be targeted by the phishers. If you have fallen victim before, your address is normally added to a list of 'easy victims' and you are likely to then receive even more scams.

"Forwarded" emails are also good source of email addresses. Spammers start mail chains in the hope of getting a list of live email addresses. Refrain from forwarding emails or if it is absolutely necessary, then remove all unnecessary email addresses from the email before sending it.

What can I do to help protect myself from online phishing?

Be very careful with your personal information. Samba will never ask you to reveal your personal information such as passwords and account numbers through email.

  • Be cautious about providing sensitive data in an email message, instant message, or pop-up window
  • Be wary of clicking links in email messages and instant messages
  • If you are going to visit any site where you intend to enter your account details or similar information, you should only go there by typing the site's address directly into the browser address bar and not by clicking a link in an email. This is the only way to be sure you are visiting the real site and not a fake one.
  • Never give out your personal details.

Is it safe to enter my user-ID/password anywhere on the Bank's official site?

Please do not enter any confidential information (user-ID/password) on any online resource except the designated pages for entering your username and password, even on the official Samba site.

What is the official website of the Bank?

The official website of the Bank is provided in your account statements and other official communication from Samba. Please do not enter any account-related information, PIN or any other personal information on any site other than the Bank's official site. If in doubt about a site, please contact SambaPhone or your relationship manager to verify.

How do I ensure that the site I am visiting belongs to Samba?

Please do not trust any site even if it bears the Samba logo or looks and feels like the bank's website. You should only trust a site if you have entered the site address (provided by Samba through an official communication, e.g., a letter or your account statement) yourself in the address bar of your browser. If you have come to the site by clicking a link, please ensure that the site address (in the address bar of the browser) is the one provided by Samba through official communication.

Does Samba ask users to supply their ID and password via email?

No. Under no circumstances Samba will ever request you to provide or confirm your ID and password via email. You should never divulge your Samba password to anyone in any case.