Chinese hackers are reportedly targeting State Bank of India (SBI) users with phishing scams and more. These hackers are said to be sending text and WhatsApp messages asking users to update their KYC through a suspicious link to a website that replicates the official SBI website. Some WhatsApp messages also claim to offer free gifts worth Rs 50 lakh from SBI. Do not fall for these messages as they are scams, cybersecurity researchers have warned.
New Delhi-based CyberPeace Foundation and Autobot Infosec Pvt Ltd have come together to study two such incidents circulating in the name of State Bank of India. The research team said, “All the domain names associated with the campaign have the registrant country as China.”
Beware State Bank of India users!
Hackers are sending text messages to some SBI users requesting KYC verification, and the landing page looks just like the official State Bank of India website, which makes it easy to dupe users. On clicking the “Continue to Login” option, the user is redirected to the full-kyc.php page. This page asks for confidential information such as the username, password and a captcha, as if the user were logging in to net banking. Of course, don’t click on the link, as it is unverified.
“Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers said.
In another instance, hackers are tricking users by sending WhatsApp messages that claim to offer attractive free gifts and more. These WhatsApp messages also lead to a suspicious link. Researchers said, “on the landing page, a congratulations message appears with an attractive photo of State Bank of India and asks users to participate in a quick survey to get a free gift of Rs 50 lakh from the State Bank of India.”
Researchers have recommended that users avoid opening such messages, whether they arrive via social platforms, text messages or any unverified source. We also suggest not clicking on any unverified links. In most cases, messages claiming to offer free rewards are scams meant to trick users and steal their data and hard-earned money.