A Belagavi-based IT company has detected a massive online scam targeting State Bank of India (SBI) users. The phishing campaign was uncovered by the Threat Intelligence team at Shreshta IT Technologies Private Limited.
Shreshta founder Swapneel Patnekar says, “SBI users have been targeted in phishing attacks even in the past. This campaign involves sending phishing URLs to users via various channels, such as email, SMS and WhatsApp. The motive of the threat actors is to harvest the Personally Identifiable Information (PII) of users, specifically the user’s Internet banking credentials, Aadhaar number, PAN and date of birth. This can lead to violation of privacy, and also financial loss. We have issued an advisory to users, and also sent an alert to the bank.”
“The phishing websites are lazily crafted, containing images from the official login page of the bank website. We believe the phishing websites are specifically designed for mobile banking, as evident from the structure and design of the website. But this design is sufficient to convince users that they are dealing with the bank. Users need to be cautious when their details are sought,” he said.
A large part of the phishing website has been developed by using images from the official website. Security instructions in the phishing website are in the form of an image. After clicking on the ‘Continue to Login’ button, the user is redirected to a login page.
The image CAPTCHA (image verification) and the Audio CAPTCHA don’t work since they are mere placeholder images.
New User and Forgot Username and Password links don’t work because they are placeholder images. After the user submits their internet banking login credentials, the user is redirected to the OTP request page. The phishing page prompts the user to enter their account holder name and date of birth. After the user enters the account holder name and the date of birth, an OTP page is presented to the user. The phishing website then prompts the user to enter their full name as per their PAN and reveal their PAN. The page prompts the user to enter their Aadhaar number, and their full name as per the Aadhaar card. This page prompts the user to enter the OTP. After submitting the OTP, the phishing website indicates that it is verifying the details, but after some time, it times out.
Safety recommendations: Any SMS, email or WhatsApp message with a tone of urgency should be treated with extreme caution. This is especially true of any message from the bank. Always reach out directly to the bank and verify suspicious messages and emails before taking any action. If you become a victim of cybercrime, particularly financial crime, call the national cybercrime helpline 1930 or file a complaint at https://cybercrime.gov.in/.
A team led by Mr Patnekar and Pranay Patil has developed a tool to automatically identify such issues in real time. Shreshta IT has also developed a tool to deal with such issues. Its clients include the Indian Railways, National Internet Exchange of India, VTU and Pune-based food products maker Chitale.