SBI Users Alert! Chinese Hackers Are Offering Free Gifts To Steal Your Money
Hackers of Chinese origin are targeting State Bank of India (SBI) customers with phishing scams that promise gifts. According to a source, the hackers are urging users to update their KYC through a particular website link and are offering gifts worth Rs 50 lakh from the bank via a WhatsApp message, cybersecurity analysts said.
The research wing of New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents carried out in the name of SBI that some smartphone users faced.
“All the domain names associated with the campaign have the registrant country like China,” the research team told IANS.
Fresh Trouble For SBI Users!
The hackers request KYC verification through a landing page made to resemble the official SBI online page.
When someone clicks the “Continue to Login” button, the user is redirected to the full-kyc.php page, which asks for confidential information such as username, password and a captcha to log in to online banking.
“Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers said.
The Official SBI Net Banking Web Page Vs The Fake One!
The research team concluded that the campaign pretends to come from the State Bank of India but is hosted on a third-party domain instead of the official website www.onlinesbi.com, which makes it more suspicious.
The overall layout of the web page used in the campaign is kept similar to the official SBI net banking site to lure the users.
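The host comparison the researchers describe can be automated for links received in messages. The Python below is an added example, not code from the report: the trusted domain comes from the article, the sample URLs use constructed `.example` hosts, and treating subdomains of onlinesbi.com as official is an assumption.

```python
from urllib.parse import urlsplit

# Official site named in the article; trusting its subdomains is an assumption.
OFFICIAL_DOMAIN = "onlinesbi.com"

def check_link(url: str) -> tuple[bool, str]:
    """Return (is_official, reason) for a link claiming to be SBI net banking."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # "https://bank@other-host/" displays the bank name but goes elsewhere.
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Match on a label boundary: a plain endswith("onlinesbi.com") would also
    # accept a different registered name that merely ends in those letters.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return True, "official host"
    if "sbi" in host:
        return False, "third-party host using the bank's name"
    return False, "third-party host"

# Constructed sample links; full-kyc.php is the page name given in the article.
SAMPLES = [
    "https://www.onlinesbi.com/",
    "https://www.onlinesbi.com.kyc-update.example/full-kyc.php",
    "https://www.onlinesbi.com@kyc-update.example/full-kyc.php",
    "https://gift-survey.example/",
    "http://www.onlinesbi.com/",
]

def triage(urls):
    """Map each URL to its (is_official, reason) verdict."""
    return {u: check_link(u) for u in urls}

if __name__ == "__main__":
    for url, (ok, reason) in triage(SAMPLES).items():
        print(f"{'OK  ' if ok else 'FLAG'} {reason:40} {url}")
```

A passing result only means the host is the official one; it says nothing about a page reached by later redirects, so each hop should be checked the same way.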
However, SBI was yet to react to the report. In the second case, which lures users with the promise of attractive gifts, the team found that the WhatsApp message also redirects the user to a link.
“On the landing page, a congratulations message appears with an attractive photo of State Bank of India and asks users to participate in a quick survey to get a gift of Rs 50 lakh from the State Bank of India,” the researchers said.
The researchers recommend that people avoid opening such messages sent via social platforms.
“The URL manipulation showed that the webserver has directory listing enabled and found other links visible which proves that not only the SBI users, IDFC, PNB, IndusInd and Kotak bank users are also targeted by the same type of phishing scam,” the team noted.