New phishing attacks lurking to scam banking customers: Advisory – News2IN

Written by news2in

New Delhi: Scammers are targeting banking customers in India using new phishing attacks to collect sensitive information such as internet banking credentials, cellphone numbers and OTPs in order to conduct fraudulent transactions, the country’s cyber security agency has warned in its advisory.
The malicious activity is being carried out using the ngrok platform (a cross-platform application), a unique web application, it said.
“It has been observed that Indian banking customers are being targeted by a new type of phishing attack using the ngrok platform.” “Malicious actors have abused the ngrok platform to host phishing websites disguised as the internet banking portals of Indian banks,” according to the advisory issued by CERT-In on Tuesday.
The Indian Computer Emergency Response Team, or CERT-In, is the federal technology arm that fights cyber attacks and guards cyberspace against phishing, hacking and similar online attacks.
Phishing denotes a fraud in which the attacker, disguised as a trusted entity, tricks the victim into clicking a malicious link in order to steal passwords, login credentials and one-time passwords (OTPs).
Using these phishing websites, the advisory said, “malicious actors” collect sensitive information from customers such as internet banking credentials, cellphone numbers and OTPs to carry out “fraudulent transactions.” It said the phishing attacks had been seen to be triggered through SMS messages containing links ending with ngrok.io/xxxbank.
The advisory illustrates this with a sample SMS.
“Dear customers Your XXX bank account will be suspended! Please update KYC verification, click here the link http://446bdf227fc4.ngrok.io/xxxbank”.
After the victim clicked on this URL (Uniform Resource Locator) and logged in to the phishing website using their internet banking credentials, the attacker generated an OTP for 2FA, or two-factor authentication, which was sent to the victim’s telephone number.
“The victim then entered the OTP on the phishing site, which was captured by the attacker,” it said.
Finally, the attacker gained access to the victim’s account using the OTP and conducted fraudulent transactions, the advisory said.
The cyber security agency has suggested several “best practices” to nip these attacks in the bud, the most important being: “Look for suspicious numbers that don’t look like real cell phone numbers, because scammers often mask their identity by using email-to-text services to avoid revealing their actual telephone numbers.”
“Genuine SMS messages received from banks usually contain a sender ID (consisting of the bank’s short name) instead of a telephone number in the sender information field.”
It further advises internet banking users to “only click on URLs that clearly show the website domain.” “When in doubt, users can search for the organisation’s website directly using a search engine to ensure that the website they visit is legitimate,” it said.
A specific check against such attacks is to “exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl.” “Users are advised to hover their cursor over a shortened URL (if possible) to see the full website domain they are visiting, or to use a URL checker that allows users to enter a short URL and view the full URL,” it said.
Users can also use the shortening service’s preview feature to preview the full URL, the advisory stated.
It said that bank customers must pay “special attention to any misspellings and/or substitution of letters in the URLs of the websites they browse.” Some of the other countermeasures set out in the advisory are oft-repeated principles suggested for safe browsing and internet access.
“Install and maintain updated anti-virus and anti-spyware software, filtering tools (anti-virus and content-based filtering), firewalls and filtering services.” Update spam filters with the latest spam mail content, it said.
“Customers must report unusual activity in their account immediately to their respective banks,” it said.
“Phishing websites and suspicious messages must be reported to CERT-In at incident@cert-in.org.in and to the respective banks with relevant details for further action,” the advisory concluded.
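
The checks the advisory lists (a sender ID rather than a number, a clearly visible website domain, caution with shortened URLs) can be expressed as an SMS triage routine. This is an added example, not code from CERT-In or from this article; the sender-ID format, the bank domain `xxxbank.example` and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration; only ngrok.io, bit.ly and tinyurl come from the article.
TUNNEL_DOMAINS = ("ngrok.io",)
SHORTENER_DOMAINS = ("bit.ly", "tinyurl.com")
BANK_DOMAINS = ("xxxbank.example",)  # hypothetical official domain of "XXX bank"

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Alphanumeric sender ID such as "AD-XXXBNK" (format assumed), not a number or e-mail address.
SENDER_ID_RE = re.compile(r"^(?:[A-Z]{2}-)?[A-Z][A-Z0-9]{2,10}$")

def in_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the domains (suffix match)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_sms(sender, body):
    """Return the sorted list of warning signs found in one SMS."""
    reasons = set()
    if not SENDER_ID_RE.match(sender.strip()):
        reasons.add("sender-is-not-a-sender-id")
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url.rstrip(".,;:!?)")).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed authority, e.g. an unclosed "["
            reasons.add("unparseable-url")
            continue
        if in_domain(host, TUNNEL_DOMAINS):
            reasons.add("tunnel-host")
        elif in_domain(host, SHORTENER_DOMAINS):
            reasons.add("shortened-url")  # expand or preview before trusting
        elif not in_domain(host, BANK_DOMAINS):
            reasons.add("non-bank-domain")
    return sorted(reasons)

# Constructed sample messages; the first body follows the SMS quoted in the article.
SAMPLES = [
    ("+919800000000", "Dear customers Your XXX bank account will be suspended! "
     "Please update KYC verification, click here the link "
     "http://446bdf227fc4.ngrok.io/xxxbank"),
    ("AD-XXXBNK", "Your statement is ready at https://netbanking.xxxbank.example/login."),
    ("AD-XXXBNK", "Verify now: https://xxxbank.example.kyc-update.test/login"),
    ("kyc@mail.example", "Update KYC: https://bit.ly/abc123"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage_sms(sender, body) or "no warning signs")
```

The third sample shows why the domain check is a suffix match: a host that merely begins with the bank's name is still reported as a non-bank domain.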
