A rise in credit and debit card fraud cases have been seen in recent times. Now, a report has surfaced which says the fake banking apps of three well-known Indian banks were used to trick customers into handing over account credentials.
According to International Business Times, bogus Android apps of ICIC Bank, RBL Bank, and HDFC Bank were used by the perpetrators on three separate occasions as a front to collect sensitive data from unsuspecting victims. Information like credit card account number, names, expiration dates, and CVV was funnelled through fake application forms which the potential victims had filled up.
A security firm named ESET told the leading portal, “The data entered into the bogus forms are sent in plain text to the attacker’s server. The listing of the stolen data on that server is accessible to anyone with the link, without requiring any authentication. For the victims, this amplifies the potential damage, since their sensitive data is not only at the attacker’s disposal, but potentially available to anyone who comes across it.”
According to the security firm, the application forms were supposedly meant to increase the credit card limits of the credit card holders. The biggest threat was that the stolen information was released online in plain text. The three banking apps were available for download on Play Store. These apps were available for download between June and July. From the three one app was removed. The apps can be easily identified as fake since they offer nothing and only ask about customers’ personal banking details.