4
Suspicious messages asking users to submit a refund application for the disbursement of income tax (I-T) refund have been doing the rounds, with a link that directs users to a webpage looking like the I-T e-filing web page. An investigation by CyberPeace Foundation along with Autobot Infosec Private Ltd reveals that similar looking but fake websites of five banks, State Bank of India (SBI), ICICI Bank, Axis Bank, Punjab National Bank (PNB) and HDFC Bank, are used to collect all personal and financial data. Further, an app gets installed on the user s Android mobile device, which asks for administrator rights and takes full control for duping.
NEW DELHI:
Online Phishing Scam in SBI Online: Several users of the State Bank of India (SBI) have been targeted with a phishing scam where hackers have flooded them with suspicious text messages, requesting them to redeem their SBI credit points worth Rs 9,870.
The link associated with the text messages redirects the user to a fake website and on the landing page, the user is asked to submit personal information along with sensitive financial details like card number, expiry date, CVV and MPIN in a State Bank of India Fill Your Details form.
According to the investigation by New Delhi-based think tank CyberPeace Foundation along with Autobot Infosec Private Ltd, the website collects data directly without any verification and is registered by a third party instead of having the registrant organisation name of State Bank of India, making it all the more suspicious.
Several users of the State Bank of India (SBI) have been targeted with a phishing scam where hackers have flooded them with suspicious text messages, requesting them to redeem their SBI credit points worth Rs 9,870. The link associated with the text messages redirects the user to a fake website and on the landing page, the user is asked to submit personal information along with sensitive financial details like card number, expiry date, CVV and Mpin in a State Bank of India Fill Your Details form. According to the investigation by New Delhi-based think tank CyberPeace Foundation along with Autobot Infosec Private Ltd, the website collects data directly without any verification and is registered by a third party instead of having the registrant organisation name of State Bank of India, making it all the more suspicious.