In a fresh trouble for State Bank of India (SBI), hackers from China are attacking the bank's customers with phishing scams. Customers are being provided with a link to update their KYC with a bait of giving 50 lakhs worth free gifts.
A research by a Delhi based company CyberPeace Foundation and Autobot Infosec Pvt. Ltd found two incidents which were reported by smartphone users.
In the first case, the customer received a message regarding the KYC verification. The site looked exactly the same as the official SBI online page.
An OTP was sent to the customer's mobile number to login. After entering it a new page pops-up which asks them to put in some confidential information like account holder name, mobile number, date of birth, after which another OTP is sent.
Just after clicking “Continue to Login” it opens the full 'kyc.php' page which requires a username, password and a captcha to log in to online banking.
In the research it was found all the domain names were registered with China. It was shown that SBI were using a third-party domain rather than their official site www.onlinesbi.com. The site layout was almost the same as the official SBI site to convince users.
Not only SBI, but other bank customers like PNB, IDFC and Kotak customers were also being targeted the same way.