- Cybercriminals are now using the threat of suspension of bank accounts to prompt to click on links sent by them with fraud banking messages.
- Few days back they were targeting citizens with “electricity bill” frauds.
- The message includes a link, which supposedly allows customers to update their Know Your Customer (KYC) details or link their PAN cards to their bank accounts.
- Previously the messages were accompanied with links where the victims were ostensibly supposed to update their bill status, the links were designed to capture sensitive banking or card details.
- As most of the messages are being sent in the name of the HDFC Bank, HDFC, has issued an advisory through its social media pages, cautioning customers against falling prey to the scam.
Mumbai Cybercriminals are now using the threat of suspension of bank accounts to prompt unsuspecting citizens to click on links sent by them with fraud banking messages. Few days back they were targeting citizens with “electricity bill” frauds, it seems – they have moved on to a new modus operandi.
After a sudden spate of fraud text messages in the name of banks, the Mumbai Cyber police have in a preliminary analysis have found that the links in the messages are exactly like the ones that were earlier being sent in the name of electricity suppliers.
The police said the slew of messages began around two weeks ago, with scores of people all over the country getting messages, all saying the same thing: ‘Dear Customer, your account will be suspended today. Please update your KYC/link your PAN.’
The message includes a link, which supposedly allows customers to update their Know Your Customer (KYC) details or link their PAN cards to their bank accounts. The link, however, is designed to steal the victim’s net banking or card details.
Opening the link leads the victim to a form to be filled in, which asks for all details like net banking login credentials and debit or credit card details. As soon as these are entered, the cybercriminals log in to the victim’s net banking accounts and start transactions.
The victims get a One Time Password to authorise the transactions but there is also a separate field in the form for this OTP. The victims, thinking that this is part of the process, enter the OTP in the form and the money is debited from their accounts. “The modus operandi and the structure of the web pages is exactly like the ones we saw in cybercrimes that were perpetrated in the name of electricity bills. We are analysing the trend further,” said deputy commissioner of police (Cyber).
Till recently, citizens received messages saying that their electricity supply would be cut off, as they had not paid their bills. The messages were accompanied with links where the victims were ostensibly supposed to update their bill status, the links were designed to capture sensitive banking or card details.
The officer added that most of the messages are being sent in the name of the HDFC Bank, while a few had used names of other banks as well. HDFC, too, has issued an advisory through its social media pages, cautioning customers against falling prey to the scam.
