Belagavi IT company detects online scam targeting State Bank of India users
The Hindu
Safety recommendations comprising an SMS/email/WhatsApp message with a tone of urgency should be dealt with extreme caution. This is true, especially in the case of any message from the bank. Always reach out directly to the bank and verify suspicious messages and emails before taking any action.
A Belagavi-based IT company has detected a massive online scam targeting State Bank of India (SBI) users. The Threat Intelligence team in Shreshta IT Technologies Private Limited uncovered a massive phishing scam targeting SBI users.
Shreshta founder Swapneel Patnekar says, “SBI users have been targeted in phishing attacks even in the past. This campaign involves sending phishing URLs to users via various channels, such as email, SMS and WhatsApp. The motive of the threat actors is to harvest the Personally Identifiable Information (PII) of users, specifically the user’s Internet banking credentials, Aadhaar number, PAN and date of birth. This can lead to violation of privacy, and also financial loss.. We have issued an advisory to users, and also sent an alert to the bank.”
“The phishing websites are lazily crafted, containing images from the official login page of the bank website. We believe the phishing websites are specifically designed for mobile banking, as evident from the structure and design of the website. But this design is sufficient to convince users that they are dealing with the bank. Users need to be cautious when their details are sought,” he said.
A large part of the phishing website has been developed by using images from the official website. Security instructions in the phishing website are in the form of an image. After clicking on the ‘Continue to Login’ button, the user is redirected to a login page.
The image CAPTCHA (image verification) and the Audio CAPTCHA don’t work since they are mere placeholder images
New User and Forgot Username and Password links don’t work because they are placeholder images. After the user submits their internet banking login credentials, the user is redirected to the OTP request page. The phishing page prompts the user to enter their account holder name and date of birth. After the user enters the account holder name and the date of birth, an OTP page is presented to the user. The phishing website then prompts the user to enter their full name as per their PAN and reveal their PAN. The page prompts the user to enter their Aadhaar number, and their full name as per the Aadhaar card. This page prompts the user to enter the OTP. After submitting the OTP, the phishing website indicates that it is verifying the details, but after some time, it times out.
Bitcoin’s march toward $100,000 made further ground on Thursday as the coin crossed $95,000.
Billionaire Gautam Adani indicted in New York for bribery and fraud scheme, impacting Adani Group's financial plans.
SEC charges Adani Group chairman with defrauding American investors and bribing officials in multi-billion-dollar solar energy project scheme.
Country Club Hospitality and Holidays Ltd clears ₹600 crore debt, explores global partnerships, franchise model for growth and expansion.
Steel Secretary addresses concerns over cheap steel imports from FTA nations, highlighting challenges faced by domestic industry.
Stock markets in India closed for Maharashtra elections, with a bounce back in domestic indices observed on Tuesday.
The sensor systems for vehicles in India are all imported. Nothing is made in India though they are engineered at a sustainable low cost, said ISRO Chairman S. Somanath.
Donald Trump's proposed tariffs on Chinese imports could impact global trade, inflation, and economic growth.
Evernorth Health Services opens global capability centre in Hyderabad, plans to hire 300 more employees by April.
Tata Power partners with Bhutan's DGPC to develop 5,000 MW clean energy capacity, strengthening regional clean energy sector.
Rupee closes flat against dollar amid geopolitical tensions, domestic market optimism; traders eye upcoming data and elections.