Scammers are targeting banking customers in India with a new phishing attack to collect sensitive information such as internet banking credentials, mobile number and OTP to carry out fraudulent transactions, the country’s cyber security agency has warned in its latest advisory.
The spiteful activity is being carried out using the ngrok platform, a unique web application, which is targeting Indian banking customers, it said.
“The malicious minded have abused the ngrok platform to host phishing websites impersonating internet banking portals of Indian banks,” according to the advisory issued by CERT –In on Tuesday.
The Indian Computer Emergency Response Team or CERT –in is the federal technology arm to combat cyber-attacks and guarding the cyber space against phishing and hacking assaults and similar online attacks.
Phishing is the kind of fraud when an attacker, masquerading as a trusted entity, ticks a victim into clicking evil links to steal passwords, login credentials and one-time password (OTP).
Using these phishing websites, the advisory elaborated, “malicious minded” are collecting sensitive information of customers to perform “fraudulent transactions.”
It said the phishing attacks have been seen to be triggered through SMSes containing links that end with ngrok.io/xxxbank.
The advisory explained this with a sample SMS.
“Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank”.
Once a victim clicks on this URL and log in to the phishing website using internet banking credentials, the attacker generates OTP for 2FA or two factor authentication which is delivered to the victim’s phone number. The victim then enters this OTP in the phishing site or portal that attacker captures. And finally the attacker gains access to the victim’s account using the OTP and performs fraudulent transactions, the advisory said.
For safety measures the cyber security agency has suggested some best practices so that you can be saved from these kinds of cyber-attacks: Look for suspicious number that do not look like real mobile numbers because scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number. Genuine SMSes received from banks usually contains sender id, usually consist of bank’s short name instead of phone number in sender information field. When in doubt, users can search for the organization’s website directly to check its genuinity. Customers should report any unusual activity in their account immediately to the respective bank.
(Source took from Business Standard and the whole content is explained here in our language)
