The Indian Computer Emergency Response Team (CERT-In) has issued a notice warning all Indians of SMSes asking for a KYC update. Scammers are posing as banking officials and targeting unsuspecting customers. The scammers carry out the phishing attacks using the ngrok platform.
Through the ngrok platform, scammers are hosting phishing websites that impersonate the internet banking portals of Indian banks. Once a user bites the clickbait, the scammers get access to the customer’s sensitive information, such as internet banking credentials, mobile numbers, OTPs, etc.
CERT-In stated the following about such incidents:
“It has been observed that Indian banking customers are being targeted by a new type of phishing attack using ngrok platform. The malicious actors have abused the ngrok platform to host phishing websites impersonating the internet banking portals of Indian banks. Using these phishing websites, malicious actors are collecting sensitive information of the customers like Internet Banking credentials, mobile number, One Time Password (OTP), etc. to perform fraudulent transactions.”
How does it happen?
With the majority of our transactions taking place online these days, it’s crucial to protect banking credentials. Scammers are sending SMSes to users that contain phishing links. Since scammers are misusing the ngrok platform, the majority of these links end in ngrok.io. The message normally instructs the recipient to update their KYC by clicking on the shared link. The SMS further warns of suspension of the bank account in case of non-compliance.
When a customer enters their internet banking credentials into the phishing website using the URL provided in the message, they receive an OTP on their devices. This makes the entire process appear legitimate. Scammers then grab this information (banking credentials and subsequently the OTP) and use it to defeat two-factor authentication (2FA) on the legitimate banking account and make fraudulent transactions.
Recently, hackers were found targeting State Bank of India customers through another campaign.
In its advisory, CERT-In states that customers need to be careful of such messages. Importantly, legitimate messages from the bank normally include a sender ID, which is usually the bank’s name or a truncated form of it.
The fraudulent messages are sent from sender IDs that are phone numbers or bank names with minor, easily overlooked errors. This is something the user should double-check.
The customer should also check the language used in the message or email. In contrast to the professionally prepared correspondence you’d expect to receive from your bank, scammers’ messages are frequently grammatically inaccurate and not written in a proper manner.
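The link, sender-ID and KYC-wording checks described above can be automated for SMS triage. The following is an added example, not code from CERT-In or any bank; the sender IDs in KNOWN_SENDER_IDS, the function names and the sample message are constructed placeholders, and the grammar check is not covered.

```python
import re
from urllib.parse import urlsplit

# Assumption: sender IDs the recipient has already verified with their bank.
# These two are constructed placeholders, not real bank sender IDs.
KNOWN_SENDER_IDS = {"EXAMPLEBK", "DEMOBANK"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss sender IDs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ngrok_hosts(text: str) -> list[str]:
    """Return hosts in the message that are ngrok.io or a subdomain of it."""
    hosts = []
    for m in URL_RE.finditer(text):
        url = m.group(0)
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
        if host == "ngrok.io" or host.endswith(".ngrok.io"):
            hosts.append(host)
    return hosts

def triage_sms(sender: str, text: str) -> list[str]:
    """Return the advisory's warning signs that this SMS exhibits."""
    flags = []
    if ngrok_hosts(text):
        flags.append("link ends in ngrok.io")
    sid = sender.strip().upper()
    if re.fullmatch(r"\+?\d{7,15}", sid):
        flags.append("sender ID is a phone number")
    elif sid not in KNOWN_SENDER_IDS and any(
            edit_distance(sid, k) <= 2 for k in KNOWN_SENDER_IDS):
        flags.append("sender ID is a near-miss of a known bank ID")
    low = text.lower()
    if "kyc" in low and "suspen" in low:
        flags.append("KYC update demand with suspension threat")
    return flags

if __name__ == "__main__":
    # Constructed sample message, not a real SMS or a real phishing host.
    print(triage_sms("+919800000000", "Update your KYC at "
                     "https://a1b2c3.ngrok.io/kyc or your account will be suspended"))
```

A message with no flags is not thereby legitimate; the function only reports the specific signs named in the advisory.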