Cyber Criminals Target Indian Users with Phishing Scams Impersonating the State Bank of India

Jul 06, 2021   12:35 PM 
New Delhi, Delhi, India

The Research Wing of CyberPeace Foundation, along with Autobot Infosec Pvt. Ltd., studied two incidents carried out in the name of the State Bank of India (SBI) that some smartphone users recently faced.

The incidents include text messages asking users to update their SBI bank KYC through a particular link, and a WhatsApp message offering free gifts from the State Bank of India.

The Research Wing of CyberPeace Foundation, along with Autobot Infosec Private Limited, looked into the matter to determine whether the websites involved are legitimate or an online fraud.

In the first case, the text message requesting KYC verification leads to a landing page that resembles the official SBI Online page, retail.onlinesbi.com/retail/login.htm.

On clicking the “CONTINUE TO LOGIN” button, the user is redirected to a /full-kyc.php page that asks for confidential information (username, password and a captcha) in order to log in to online banking. It then asks for an OTP sent to the user’s mobile number.

As soon as the OTP is entered, the user is redirected to an /acholder.php page that again asks for confidential information: account holder name, mobile number and date of birth. After the data is entered, the user is redirected to another OTP page.

The research team noticed that clicking anywhere on the landing page redirects to the /full-kyc.php page, whereas users should be redirected only when they click the “CONTINUE TO LOGIN” button. This means users are deliberately forced onto /full-kyc.php to provide their confidential information.

URL manipulation showed that the web server has directory listing enabled, exposing other links which prove that not only SBI users but also IDFC, PNB, IndusInd and Kotak bank users are targeted by the same type of phishing scam.

The research team concluded that the campaign pretends to be launched by the State Bank of India but is hosted on a third-party domain instead of the official website www.onlinesbi.com, which makes it all the more suspicious.

  • The overall layout of the web page used in the campaign is kept similar to the official SBI net banking site to lure laypeople.

  • The campaign collects banking information such as username, password, account holder name, mobile number and date of birth from the user. Falling into this trap could lead users to a massive financial loss.

  • The whole campaign uses the plain HTTP protocol instead of secure HTTPS. This means anyone on the network or internet can intercept the traffic and read the confidential information in plain text to misuse against the victim.

  • The cybercriminals used ngrok to hide the real IP address of the hosting site and remain anonymous.
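As an added example (not part of the original report or the research team's tooling), the Python function below checks a URL for the indicators listed above: plain HTTP, an ngrok tunnel hostname, the /full-kyc.php and /acholder.php page names observed on the phishing site, and SBI branding on a host other than onlinesbi.com. The report does not give the phishing hostname, so the sample URLs are constructed placeholders, and the `.ngrok.io` suffix is an assumption about what a tunnel hostname looks like.

```python
from urllib.parse import urlparse

# Official SBI net banking hosts named in the report.
OFFICIAL_HOSTS = {"www.onlinesbi.com", "onlinesbi.com", "retail.onlinesbi.com"}
# Tunnel hostname suffix (assumption: ngrok tunnels are served under *.ngrok.io).
TUNNEL_SUFFIXES = (".ngrok.io",)
# Page names the report observed on the phishing site.
SUSPICIOUS_PATHS = ("/full-kyc.php", "/acholder.php")
# Brand strings whose presence on a non-official host is a red flag.
BRAND_KEYWORDS = ("onlinesbi", "sbi", "statebank")


def triage_url(url: str) -> dict:
    """Return which of the report's phishing indicators a URL matches.

    URLs without a scheme are parsed as scheme-relative; 'plain_http' is
    then False because the scheme is unknown, not because it is HTTPS.
    """
    parsed = urlparse(url if "://" in url else "//" + url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()

    is_official = host in OFFICIAL_HOSTS or host.endswith(".onlinesbi.com")
    brand_in_url = any(k in host or k in path for k in BRAND_KEYWORDS)

    indicators = {
        "plain_http": parsed.scheme == "http",
        "tunnel_host": any(host.endswith(s) for s in TUNNEL_SUFFIXES),
        "kyc_path": any(path.startswith(s) for s in SUSPICIOUS_PATHS),
        "brand_on_third_party_host": brand_in_url and not is_official,
    }
    # Number of indicators that fired; 0 means nothing from the report matched.
    indicators["score"] = sum(indicators.values())
    return indicators


# Constructed sample URLs: one official page, two shaped like the campaign.
SAMPLE_URLS = [
    "https://retail.onlinesbi.com/retail/login.htm",
    "http://abcd1234.ngrok.io/full-kyc.php",
    "http://sbi-kyc-update.example/acholder.php",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = triage_url(u)
        fired = [k for k, v in r.items() if v is True]
        print(f"score={r['score']} {u} {fired}")
```

The brand check is a plain substring match, so short keywords such as "sbi" can fire on unrelated hostnames; treat the score as a triage hint for a URL received by SMS or WhatsApp, not as a verdict.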

 

In the second case, which lures users with attractive free gifts, it was found that the WhatsApp message redirects the user to the link shown below.

On the landing page a congratulations message appears with an attractive photo of the State Bank of India and asks users to take part in a quick survey to get a free gift of INR 5000000 from the State Bank of India. At the bottom of this page there is also a section that appears to be a Facebook comment section, where many users have commented on how beneficial the offer is.

The survey starts with some basic questions such as “Do you want a gift?”, “How old are you?”, “How do you rate State Bank of India services?” and “Are you an adult?”. Once the user answers the questions, a “congratulatory message” is displayed. After clicking the OK button, users are given three attempts to win the prize in a game that resembles a lucky draw, by choosing from gift boxes on screen. After all the attempts are completed it says that the user has won Rs. 5000000. Clicking the ‘OK’ button, it instructs users to share the campaign on WhatsApp. Strangely enough, the user has to keep clicking the WhatsApp button until a progress bar completes. After clicking the green ‘WhatsApp’ button multiple times, it shows a section instructing the user to complete registration in order to get the prize. After clicking the green ‘Complete registration’ button, the user is redirected to multiple advertisement web pages, which vary each time the button is clicked.

To read the full reports, click here: bit.ly/36hqTIs; bit.ly/3wlfMbR

Conclusive Summary

  • The in-depth investigation shows that the campaign pretends to be an offer from the State Bank of India but is hosted on a third-party domain instead of the official website of the State Bank of India, which makes it all the more suspicious.

  • The research teams investigated the URLs in a secure sandbox environment where the WhatsApp application was not installed. If a user opens the link from a device such as a smartphone where WhatsApp is installed, the sharing features on the site will open the WhatsApp application on the device to share the link.

  • The prize is kept very attractive to lure laypeople.

  • All the domain names associated with the campaign have the registrant country as China.

  • The cybercriminals used Cloudflare to mask the real IP addresses of the front-end domain names used in this “free gift from SBI” campaign. During the investigation, however, the research team identified a domain name that was requested in the background and traced it to China.
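The last point is the one that unmasked the campaign: Cloudflare hid the front-end domains' real IP addresses, but a request made in the background to a further domain could still be traced. As an added example (not the research team's tooling or the campaign's page), the Python below parses a saved copy of a landing page and lists every host referenced by its src, href, action and data-src attributes other than the page's own host, with the tags that referenced it; those are the hosts an analyst would then look up. The HTML is a constructed sample using reserved `.invalid` names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser contact another host when the page loads
# or when a form is submitted.
REF_ATTRS = {"src", "href", "action", "data-src"}


class ExternalHostCollector(HTMLParser):
    """Collect hostnames a page references that differ from the page's own host."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_host = (urlparse(page_url).hostname or "").lower()
        self.hosts: dict[str, set[str]] = {}  # host -> tags that referenced it

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in REF_ATTRS or not value:
                continue
            # Resolve relative and scheme-relative ("//host/x.js") references.
            absolute = urljoin(self.page_url, value.strip())
            host = (urlparse(absolute).hostname or "").lower()
            # mailto:, javascript:, data: and same-host references carry no
            # foreign host and are skipped.
            if host and host != self.page_host:
                self.hosts.setdefault(host, set()).add(tag)


def background_hosts(page_url: str, html: str) -> dict:
    """Return {host: sorted list of tags} for every third-party host in the page."""
    collector = ExternalHostCollector(page_url)
    collector.feed(html)
    collector.close()
    return {h: sorted(tags) for h, tags in sorted(collector.hosts.items())}


# Constructed sample landing page: a gift-survey lookalike with a same-host
# stylesheet, a script and an image on other hosts, and a form posting elsewhere.
SAMPLE_PAGE_URL = "http://free-gift-front.invalid/index.html"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/style.css">
<script src="//cdn-host.invalid/spin.js"></script>
</head><body>
<img src="http://img-host.invalid/congrats.png" alt="congratulations">
<a href="javascript:void(0)">OK</a>
<form action="https://collector-host.invalid/register.php" method="post">
  <input name="mobile"><button>Complete registration</button>
</form>
</body></html>
"""

if __name__ == "__main__":
    for host, tags in background_hosts(SAMPLE_PAGE_URL, SAMPLE_HTML).items():
        print(f"{host}: referenced by {', '.join(tags)}")
```

A static parse only sees hosts written into the HTML; resources requested by scripts at runtime show up in a sandboxed browser's network log instead, which is the kind of observation the report describes. The form action is usually the most telling entry, since that is where entered details are sent.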
CyberPeace Advisory

  • CyberPeace Foundation recommends that people avoid opening such messages sent via social platforms. One must always think before clicking on such links or downloading any attachments from unauthorized sources.

  • Falling for this trap could lead to whole-system compromise (access to microphone, camera, text messages, contacts, pictures, videos, banking applications etc.) as well as financial loss for the users.

  • Do not share confidential details such as login credentials or banking information in response to this type of scam.

  • Never share or forward fake messages containing links on any social platform without proper verification.