Hackers, reportedly of Chinese origin, are brewing fresh trouble for the State Bank of India (SBI) by targeting users’ bank accounts with phishing scams. Cybersecurity researchers have warned that hackers are asking customers to update their KYC using a particular website link and luring them with free gifts worth Rs 50 lakh via a WhatsApp message.
The research wing of New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents faced by some smartphone users, IANS reported.
In the first case of the text message requesting KYC verification, the landing page resembled the official SBI online page.
“It then asks for the OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers said, as quoted by IANS.
On clicking the “Continue to Login” button, it redirects the user to the full-kyc.php page, asking for confidential information like username, password and a captcha in order to log in to the online banking.
“All the domain names associated with the campaign have the registrant country as China,” the research team said.
The research team concluded that the campaign pretended to be launched from the State Bank of India, is hosted on the third-party domain instead of the official website www.onlinesbi.com.
The overall layout of the web page used in the campaign is kept similar to the official SBI net banking site to convince the users.
In the second instance of fraud, users were promised attractive free gifts. The team found that the WhatsApp message also redirects the user to another link.
“On the landing page, a congratulations message appears with a photo of State Bank of India and asks users to participate in a quick survey to get a free gift of Rs 50 lakh from the State bank of India,” the researchers informed.
At the bottom of the page, a section appears which seems to be a Facebook comment section where many users have commented about how the offer is beneficial.
“The URL manipulation showed that the webserver has directory listing enabled and found other links visible which proves that not only the SBI users, IDFC, PNB, IndusInd and Kotak bank users are also targeted by the same type of phishing scam,” the team noted.
In March this year, the same research team had pointed out that several users of the SBI were targeted in a phishing scam where hackers flooded them with suspicious text messages, requesting them to redeem their SBI credit points worth Rs 9,870.
(With inputs from IANS)
