Net banking users alert! Govt agency warns of phishing attack that can steal money from account
India's nodal cybersecurity agency, the Indian Computer Emergency Response Team (In-CERT), has issued a notification warning internet banking users about phishing attacks that are being used not only to steal critical user data but also to conduct fraudulent transactions online.
The agency has observed that Indian banking customers are being targeted by a new type of phishing attack that uses a platform called ‘ngrok’. Malicious actors are impersonating Indian banks in order to dupe net banking users into handing over their credentials, leading to fraudulent transactions. The ngrok platform is being used to host phishing websites through which the malicious actors collect sensitive customer information such as Internet Banking credentials, mobile number and One Time Password (OTP).
- First, the user receives an SMS that superficially looks like a message from the bank. The SMS contains a phishing link whose URL ends with ngrok.io/xxxbank. A sample message is shown below:
- “Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank”
- Once the victim clicks the URL and logs in to the phishing website with their Internet banking credentials, the attacker uses those credentials on the real banking site, which triggers an OTP (2FA) that is delivered to the victim’s phone number.
- The victim then enters the received OTP in the phishing site, where the attacker captures it.
- Finally, the attacker gains access to the victims’ account using the OTP(2FA) and performs fraudulent transactions.
In-CERT has also released some best practices which users should follow in order to stay safe from malicious actors:
- Do not browse un-trusted websites or follow un-trusted links, and exercise caution while clicking on links provided in any unsolicited emails and SMS.
- Look for suspicious sender numbers that don’t look like real mobile phone numbers. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number. Genuine SMS messages from banks usually carry a sender ID (consisting of the bank’s short name) instead of a phone number in the sender information field.
- If you get a message that appears to be from your bank or other financial institution, contact that bank directly to determine whether it sent you a legitimate request.
- Exercise caution while opening email attachments.
- Only click on URLs that clearly indicate the website domain. When in doubt, search for the organisation’s website directly using a search engine to ensure that the website you visit is legitimate.
- Install and maintain updated anti-virus and anti-spyware software.
- Consider using Safe Browsing tools and filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
- Update spam filters with the latest spam mail contents.
- Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. Hover your cursor over a shortened URL (if possible) to see the full website domain you are about to visit, or use a URL checker that lets you enter a short URL and view the full URL.
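The link pattern described in the attack flow (a tunnelling-service hostname such as xxxx.ngrok.io with a bank name in the path) and the URL-checking advice above can both be turned into a simple SMS screening rule. The following is an added example written for this page, not code from In-CERT or any bank; the sample messages are constructed, and the tunnelling-service list and lure keywords are assumptions a real deployment would keep in configuration.

```python
import re
from urllib.parse import urlparse

# Constructed sample SMS bodies modelled on the advisory's description.
SAMPLE_SMS = [
    "Dear customer your xxx bank account will be suspended! Please Re KYC "
    "Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank",
    "Your OTP for the transaction is 482913. Do not share it with anyone.",
    "Statement ready: https://www.examplebank.example/statements",
]

# Assumption: tunnelling services whose hostnames are a red flag for a
# bank login page. Extend this list from your own threat intelligence.
TUNNEL_SUFFIXES = ("ngrok.io",)
# Assumption: words that suggest a banking lure in a URL path.
LURE_WORDS = ("bank", "kyc", "verify", "verification", "suspend")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL found in an SMS body."""
    return URL_RE.findall(text)


def is_tunnel_host(host):
    """True when the host is the tunnelling domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)


def assess_sms(text):
    """Classify one SMS as 'phishing', 'suspicious' or 'clean', with reasons."""
    reasons = []
    for url in extract_urls(text):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if is_tunnel_host(host):
            reasons.append(f"link hosted on tunnelling service: {host}")
        if any(w in parsed.path.lower() for w in LURE_WORDS):
            reasons.append(f"bank-themed path on {host}: {parsed.path}")
    # Urgency or KYC wording is only a signal when a link is present.
    lower = text.lower()
    if extract_urls(text) and any(w in lower for w in ("kyc", "suspend")):
        reasons.append("urgency/KYC wording combined with a link")
    if any(r.startswith("link hosted") for r in reasons):
        return "phishing", reasons
    return ("suspicious", reasons) if reasons else ("clean", reasons)


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(assess_sms(sms))
```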