I-T department, 5 top banks’ customers targeted by a phishing scam: Report

The phishing scam messages are asking users to submit a refund application for the disbursement of an income tax refund. Currently, the banks targeted by the scam include ICICI Bank, Axis Bank, HDFC Bank, State Bank of India (SBI) and Punjab National Bank. (AFP)
Updated: 17 Mar 2021, 01:30 PM IST. Staff Writer

Suspicious links originating from France and the US were luring Indian users into revealing important personal information, according to New Delhi-based CyberPeace Foundation, a cybersecurity think tank.

These messages are asking users to submit a refund application for the disbursement of an income tax refund. Currently, the banks targeted by the scam include ICICI Bank, Axis Bank, HDFC Bank, State Bank of India (SBI) and Punjab National Bank.


The layout and functionality of the web page used to perpetrate the scam mimic the official e-filing site in order to fool ordinary users. The campaign also collects personal and banking information from the user. Falling into such a trap could cause massive financial loss to users, the report said.

The link shared via SMS has no domain name and is not linked with the Indian government. Moreover, the IP addresses linked with the scam belong to third-party dedicated cloud hosting providers associated with the US and France, said the report.

The scam uses plain HTTP instead of secure HTTPS. This means that anyone positioned on the network between the victim and the server can intercept the traffic and read confidential information in plain text, then misuse it against the victim.
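The two link traits the report describes (a bare IP address in place of a domain name, and plain HTTP) can be checked mechanically when triaging reported SMS text. The following is an added example, not code from the report or from CyberPeace Foundation; the function names and sample messages are constructed, and the addresses come from reserved documentation ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches http/https URLs embedded in free text such as an SMS body.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_url(url):
    """Return the report's two warning signs that apply to this URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable-url"]
    reasons = []
    if parts.scheme == "http":
        reasons.append("plain-http")        # traffic readable on the network path
    if host_is_ip_literal(parts.hostname or ""):
        reasons.append("ip-literal-host")   # link has no domain name
    return reasons

def triage_message(text):
    """Map each flagged URL in a message to its list of warning signs."""
    findings = {}
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop trailing punctuation
        reasons = triage_url(url)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample messages (192.0.2.0/24 and example.* are reserved for documentation).
SAMPLE_SMS = [
    "Your income tax refund is pending. Submit refund application at http://192.0.2.44/refund.",
    "Statement ready. Sign in at https://portal.example.org/login to view it.",
    "Claim your refund now: http://refund.example.net/claim",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(triage_message(sms) or "no warning signs", "<-", sms)
```

A flag here is a reason to escalate a message for review, not a verdict, and a link that raises no flag is not thereby shown to be legitimate.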

What you should do

CyberPeace Foundation recommends that people avoid opening such messages sent via social platforms. They should always think before clicking on such links or downloading any attachment from unauthorized sources. One of the ways to verify legitimacy is to look at the URL bar and see if the website uses HTTPS. Additionally, it is good to open banking or any other financial services website directly by typing the URL into the address bar on your laptop, or through the legitimate mobile app downloaded from the Play Store.


Users must pay more attention and be cautious, especially when asked to share or type in confidential information such as One Time Passwords (OTPs), bank account details, and Aadhaar numbers.

Falling into this trap could lead to compromise of the whole system (access to microphone, camera, text messages, contacts, pictures, videos, banking applications, etc.) as well as financial loss to the users. Users must always think before clicking on such links or downloading any attachment from unauthorized sources, said the report.
