SBI customers should be aware of a new scam carried out in the name of customer KYC verification. Read on to know more…
If you are a State Bank of India (SBI) customer, then there is crucial information for you. Hackers of Chinese origin are targeting State Bank of India customers with phishing scams that promise them free gifts.
In collaboration with Autobot Infosec Pvt Ltd, the research arm of New Delhi-based think tank CyberPeace Foundation investigated two similar events involving SBI that were experienced by some smartphone users.
According to the researchers, hackers are targeting bank customers under the name of Know Your Customer (KYC) verification. The fraud begins with an SMS text message or a WhatsApp message. The message asks you to update your KYC through a link included in the message itself. Aside from that, you’ll receive an email.
Modus Operandi
According to a report, cybersecurity experts cautioned that the hackers are asking SBI customers, via a WhatsApp message, to update their KYC through a specific website link in order to avail free gifts worth ₹50 lakh from the bank. The security researchers noted that the registrant country for all domain names involved with the malicious campaign is China.
In the first case, the text message demanding KYC verification, the landing page resembles the official SBI web page. When the user clicks the “Continue to Login” button, the user is redirected to the full-kyc.php page, which requests personal information such as username, password, and a captcha in order to access online banking.
The researchers noted: “Following this, it asks for a One-Time Password (OTP) sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page.”
The research team concluded that the campaign presents itself as sponsored by the State Bank of India, but it is hosted on a third-party domain rather than the official website www.onlinesbi.com, which raises suspicions. To entice customers, the overall look of the malicious campaign’s web page is kept identical to the official SBI net banking site.
In the second scenario, which lures consumers with attractive free gift items, the researchers discovered that the WhatsApp message also redirects the unsuspecting user to a malicious link.
“On the landing page, a congratulations message appears with an attractive photo of State Bank of India and asks users to participate in a quick survey to get a free gift of Rs 50 lakh from the State Bank of India,” the researchers noted.
A section emerges at the bottom of the website that appears to be a Facebook comment section, where numerous individuals have commented on how advantageous the offer is.
The security researchers investigated the URLs in a secure sandbox environment without WhatsApp installed.
Other Similar Malicious Campaigns
The research team noted: “The URL manipulation showed that the web server has directory listing enabled and found other links visible which proves that not only the SBI users, IDFC, PNB, IndusInd and Kotak bank users are also targeted by the same type of phishing scam.”
In March of this year, the same research team disclosed that many SBI customers were the victims of a phishing scam in which hackers bombarded them with malicious text messages requesting that they redeem their SBI credit points of ₹9,870.
SBI had previously warned its customers in April about a similar OTP scam in which scammers solicit users to provide their OTP in order to delay their loan EMIs. SBI Bank said in a statement on the microblogging site Twitter that fraudsters had developed new techniques to deceive customers. Customers are called by scammers to reveal their OTP in order to postpone their loan EMIs in this new type of cybercrime.
Mitigation
The genuine SBI retail online banking URL looks like this: https://retail.onlinesbi.com/retail/login.htm. The fake website’s address will be different from this.
If you use net banking, do not click on any message that contains a bank-related web link. Always open a web browser and enter the URL correctly yourself before using net banking. Researchers warn that people should avoid opening such messages with embedded links delivered via social media platforms.
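The comparison described above can be automated in a mail or messaging filter. The following Python sketch is an added example, not code from the researchers or from SBI: it accepts a link only when its host exactly matches one of the two official hosts named in this article. The sample links and the `.example` domains are constructed for illustration.

```python
from urllib.parse import urlsplit

# Official hosts named in the article; every other host is treated as untrusted.
OFFICIAL_HOSTS = {"www.onlinesbi.com", "retail.onlinesbi.com"}

def check_bank_link(url):
    """Return (verdict, reason) for a link received by SMS, WhatsApp or email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ("reject", "malformed URL")
    if parts.scheme != "https":
        return ("reject", "not an https link")
    if parts.username is not None or parts.password is not None:
        return ("reject", "userinfo before '@' hides the real host")
    if port not in (None, 443):
        return ("reject", "non-standard port")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return ("reject", "internationalised host can imitate Latin letters")
    if host in OFFICIAL_HOSTS:
        return ("official", host)
    if "sbi" in host:
        # The bank's name appears, but the host is not one of the official ones.
        return ("reject", "bank name on a third-party domain: " + host)
    return ("reject", "third-party domain: " + host)

# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://retail.onlinesbi.com/retail/login.htm",
    "https://retail.onlinesbi.com.kyc-verify.example/full-kyc.php",
    "https://retail.onlinesbi.com@kyc-verify.example/full-kyc.php",
    "http://retail.onlinesbi.com/retail/login.htm",
    "https://free-gift.example/survey",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_bank_link(link))
```

An exact-match allowlist is deliberately strict: a host that merely contains or starts with the official name is still rejected, which is the case a visual check of the address bar most often misses.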