SBI account holders are being targetted online by sophisticated Chinese hackers who have launched phishing attacks to steal money.

If you are an SBI account holder, then beware! You are being targetted online by Chinese hackers and you could even lose your money. Phishing scams have been increasing and in the last couple of months, numerous reports have detailed new and innovative means that these scammers are using to dupe innocent people into giving up their financial credentials that ultimately leads them to lose their money. Just such a scam is targeting State Bank of India (SBI) customers and they need to know how to stop these hackers.

How they are doing it

As per reports, Chinese hackers are targeting SBI customers with phishing scams wherein they are asking them to update their Know Your Customer (KYC) details. In some cases, hackers are also sending messages to SBI customers offering free gifts for updating their KYC details.

To ensure you do not lose your money, you must not click on these messages nor do what they are asking. If you do, you may suffer the consequences.

The method used

Delhi-based think tank CyberPeace Foundation and Autobot Infosec have together studied two incidents wherein the hackers targeted SBI customers. In the first case, customers got a text message requesting KYC verification. On opening the link, customers land on a page that resembles the official SBI online page. When they click on the ‘Continue to Login’ button, they are redirected to a page that asks them about confidential information such as username and password along with a captcha code.

“Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” researchers told IANS.

In the second case, hackers are sending a WhatsApp message containing a link to the customers luring them with free gifts worth up to ₹50 lakhs.

Upon investigation, researchers have concluded that while the campaign is pretending to be by SBI, it is being hosted by a third-party domain.

URL manipulation

The research team came to the conclusion that the campaign is simply pretending to be from State Bank of India but it is hosted on a third-party domain instead of the official website www.onlinesbi.com, which makes it more suspicious.

“The URL manipulation showed that the webserver has directory listing enabled and found other links visible which proves that not only the SBI users, IDFC, PNB, IndusInd and Kotak bank users are also targeted by the same type of phishing scam,” the researchers added.

SBI hasn’t reacted to the matter as yet.