ICICI Bank Phishing Guide — iMobile Pay, iBusiness & NetBanking Traps
How to identify ICICI Bank phishing: real vs fake NetBanking / iMobile Pay URLs, iBusiness lookalikes, sender IDs, and how to report to ICICI + cybercrime.gov.in.
Official ICICI Bank channels
- NetBanking: https://infinity.icicibank.com
- iMobile Pay: only via the app on Play Store / App Store
- iBusiness (corporate): https://ibusiness.icicibank.com
- Customer care: 1860 120 7777
- Report phishing: antiphishing@icicibank.com
- Cybercrime helpline: 1930
Phishing red flags specific to ICICI Bank
- URL is not *.icicibank.com — imobile-pay.in, icici-verify.co, ibusiness-icici.in are all fake.
- 'Update PAN or account will be frozen' — one of the top 3 ICICI phishing themes since the RBI PAN-Aadhaar rule.
- SMS from short-code numbers with links — real ICICI uses TRAI-registered sender IDs like AD-ICICIB, JD-ICICIT.
- Any WhatsApp claiming to be ICICI 'support' or 'iMobile helpdesk' — ICICI does not offer WhatsApp support.
- Fake iBusiness login pages targeting SME account holders (usually URL-shortened links in email).
How to verify a message is real
- URL check: paste into PhishGuard's scanner. It compares against ICICI's real domains and warns on typosquats.
- iMobile: only from Play Store / App Store, publisher must be 'ICICI Bank'.
- Call: hang up and dial 1860 120 7777 yourself — the real customer care never minds a callback.
Why ICICI Bank is a top phishing target in India
ICICI Bank has one of the largest digital-banking footprints in India. Every additional million users adds proportional phishing volume — attackers automate template generation, register hundreds of lookalike domains per week, and rotate them faster than the takedown process can keep up. The bank's official channels are stable and well-documented; the fake ones aren't. This guide focuses on the difference so you can decide in under 30 seconds whether a message deserves your PIN.
What to do in the first 60 seconds of a suspicious message
Stop. Don't click. Read the sender ID, the domain in the URL, and the ask. If any of the red flags below apply, screenshot the message and delete it. If money already moved, call 1930 immediately and file at cybercrime.gov.in within 24 hours — that is the RBI-mandated window where beneficiary accounts can still be frozen. Every hour after that reduces recovery odds sharply.
Frequently asked questions
What is the real ICICI NetBanking URL?
https://infinity.icicibank.com for retail, https://ibusiness.icicibank.com for corporate. Everything else is fake.
Will ICICI ever ask for iMobile MPIN?
No. Your MPIN is only entered inside the real iMobile app on your registered device. ICICI staff never ask for it — not by phone, SMS, email, or WhatsApp.
How do I report ICICI phishing?
Email antiphishing@icicibank.com with the phishing URL and any screenshots. If money was lost, call 1930 within 24 hours.
Are ICICI cashback / reward SMSes real?
Real reward SMSes never contain a link asking you to log in. If it links to a login page, it's a phishing clone.
How do I check an ICICI URL is safe before logging in?
PhishGuard's URL scanner checks the domain against ICICI's real list, verifies the SSL certificate, checks domain age, and runs an ML model. Verdict in under 3 seconds.