SBI customers targeted by phishing scam, say cyber security firms

A phishing scam has hit many State Bank of India’s customers, as per an investigation by New Delhi-based think-tank CyberPeace Foundation and Autobot Infosec Pvt Ltd, reports IANS.

Phishing is the use of fake emails and/or fake websites. Cyber criminals send emails that appear to be from the customer’s bank that direct a customers to a fake website. This website impersonates the bank’s website and prompts customers to share their bank account access data for online transactions.

The criminal act is a punishable offence under Section 43 of the Information Technology Act, 2000 with penalty up to ₹ 1 crore.

Hackers targeted SBI users by sending suspicious text messages wherein they requested them to redeem their SBI credit points worth ₹ 9,870, reports said.

The message’s link redirected the bank’s customers to a fake website and asked users to submit personal information along with sensitive financial details such as card number, expiry date, CVV and Mpin in a ‘State Bank of India Fill Your Details’ form. After the form is submitted, the user is directed to a ‘Thank you’ page.

The personal information included name, registered mobile number, email, email password and date of birth, CyberPeace Foundation said.

Also read: Cybersecurity incidents increase, 3.94 lakh reported to CERT-In in 2019: Dhotre

The domain name of the website can be traced to India, and the registrant state was Tamil Nadu, as per the Foundation report.

“The fake site collects data directly without any verification and is registered by a third party instead of having the registrant organization name of State Bank of India, making it all the more suspicious. Moreover, according to SBI, they never communicate with their customers via SMS or emails containing links about the user’s account. Any reputed banking entity also does not use WordPress like CMS technologies on its official website for security reasons,” said CyberPeace Foundation along with Autobot Infosec Pvt Ltd.

The Cyber Peace Foundation (CPF) website’s homepage says it is an award-winning civil society organization, think tank of cyber security and policy experts with the vision of pioneering Cyber Peace Initiatives to build collective resiliency against cyber crimes & global threats of cyber warfare. The Foundation is involved in policy advocacy, research and training related to all aspects of cyber peace and cyber security.

The website had also reported a fake loan website that lured many Indians. “A website by the name of ‘Pradhan Mantri Yojana Loan’, which was earlier linked to a Google Play Store app with the same name (the app has now been removed) is luring Indians in the name of providing loans, in exchange for personal identifiable information that can potentially be misused online,” CyberPeace Foundation warned.

Also read: Cyber crime topics should be part of school & college syllabus: Ex-SC Chief Justice