Chinese Hackers Target Indian SBI Users Via Phishing

Recently Indian officials have reported that China-based cybercriminals are targeting customers of the Indian National Bank State Bank of India (SBI) with phishing scams by offering gifts. Hackers are asking users to update their KYC through a website link as they offer gifts worth around 5 million (INR 50 lakh) from the bank via a WhatsApp message. 

The research wing of New Delhi-based think tank CyberPeace Foundation, in collaboration with Autobot Infosec Pvt Ltd, investigated two similar cases that have targeted SBI customers, as of late. 

“All the domain names associated with the campaign have the registrant country like China,” the research team informed IANS. The operational group will send you a message in which you will find a requesting KYC verification, the message will appear to be authentic and will resemble the official SBI online page. 

On clicking the “Continue to login” button, it will redirect the users to a full-kyc.php page, then it will ask them to fill in their credentials like username, password, and a captcha to log in to the online banking. 

“Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers informed. 

The team of researchers has suggested that the customers should avoid opening such links sent via social platforms, and if anyone finds anything suspicious they are recommended to contact their bank branch.