“All the domain names associated with the campaign have the registrant country as China,” as per the research team.
In the first case of the text message requesting KYC verification, the landing page that appears resembles the official SBI online page.
On clicking the “Continue to Login” button, it redirects the user to the full-kyc.php page, asking for confidential information like username, password and a captcha in order to log in to online banking.
Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the user to enter some confidential information again, like account holder name, mobile number and date of birth. After entering the data, it redirects the user to an OTP page,” the researchers said.
The research team concluded that the campaign pretends to come from State Bank of India but is hosted on a third-party domain instead of the official website www.onlinesbi.com, which makes it more suspicious.
The overall layout of the web page used in the campaign is kept similar to the official SBI netbanking site to lure the users.
Hackers of Chinese origin are targeting bank users with phishing scams, asking them to update their KYC using a particular website link and offering free gifts worth Rs 50 lakh from the bank via a WhatsApp message, cybersecurity researchers warned.
The scam is targeting State Bank of India (SBI) customers and they need to know how to stop these hackers.
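The researchers' key signal, a page that looks like SBI netbanking but is not served from www.onlinesbi.com, can be checked automatically on links received by SMS or WhatsApp. The following Python code is an added example, not code from the research team; the sample messages and `.example` hosts are constructed, and treating every subdomain of onlinesbi.com as official is an assumption.

```python
import re
from urllib.parse import urlsplit

# Official host as named in the article; treating its subdomains as official is an assumption.
OFFICIAL_DOMAINS = {"onlinesbi.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def classify_url(url):
    """Return (verdict, reason) for one link taken from a message."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if not host:
        return "suspicious", "no host"
    if parts.username is not None:
        # https://official@other-host/ : the browser connects to other-host
        return "suspicious", "userinfo before host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised (possible lookalike) host"
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if not official:
        return "suspicious", "third-party host: " + host
    if parts.scheme.lower() != "https":
        return "suspicious", "official host without HTTPS"
    return "official", host

def check_message(text):
    """Extract every http(s) link from a message and classify it."""
    results = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;:!?)")  # drop sentence punctuation glued to the link
        results.append((url, *classify_url(url)))
    return results

# Constructed sample messages; the .example hosts are placeholders, not real indicators.
SAMPLES = [
    "Dear customer, update your KYC at https://sbi-kyc.example/full-kyc.php today.",
    "Login: https://www.onlinesbi.com.verify-kyc.example/ to claim your gift",
    "Use https://www.onlinesbi.com@verify-kyc.example/full-kyc.php now",
    "Official netbanking is at https://www.onlinesbi.com/.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for url, verdict, reason in check_message(msg):
            print(f"{verdict:10} {url}  ({reason})")
```

The second and third samples show why a substring match on the bank's name is not enough: the official hostname appears in the link, but only as a subdomain label or as the userinfo part before the real host.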