Cyber criminals, preying on Indian users, dupe them into revealing important personal information. They are asking users to submit an application for the disbursement of income tax refund along with a link that directs users to a webpage looking like the income tax e-filing web page.
New Delhi: For the customers of State Bank of India, ICICI, HDFC, Axis Bank and Punjab National Bank, there is a major security alert. A big phishing scam is doing the rounds wherein customers of these five major banks are being targetted. This was revealed in an investigation by New Delhi-based think tank CyberPeace Foundation along with cybersecurity services firm Autobot Infosec.
Cybercriminals, preying on Indian users, dupe them into revealing important personal information. They are asking users to submit an application for the disbursement of income tax refund along with a link that directs users to a webpage looking like the income tax e-filing web page.
The suspicious links originate from the US and France, using which scammers are collecting personal as well as banking information, which could trap the users into massive financial loss.
The whole campaign uses plain http protocol instead of the secure https and asks users to download an application from a third party source instead of Google Playstore.
On opening the link, the users are redirected to a new page resembling income tax e-filing website. On clicking the green ‘Proceed to the verification steps’ button, users are asked to submit personal information such as full name, PAN, Aadhar number, address, pincode, date of birth, mobile number, email address, gender, marital status and banking information like account number, IFSC code, card number, expiry date, CVV/CVC and card PIN.
Additionally, the bank name is automatically detected from the IFSC code entered in the form. In a few steps of confirmation and login details, the user faces severe vulnerability and the risk to financial losses