Express Computer
Home  »  News  »  Hackers hit SBI users with text phishing scam

Hackers hit SBI users with text phishing scam

0 121

Several users of the State Bank of India (SBI) have been targeted with a phishing scam where hackers have flooded them with suspicious text messages, requesting them to redeem their SBI credit points worth Rs 9,870.

The link associated with the text messages redirects the user to a fake website and on the landing page, the user is asked to submit personal information along with sensitive financial details like card number, expiry date, CVV and Mpin in a ‘State Bank of India Fill Your Details’ form.

According to the investigation by New Delhi-based think tank CyberPeace Foundation along with Autobot Infosec Private Ltd, the website collects data directly without any verification and is registered by a third party instead of having the registrant organisation name of State Bank of India, making it all the more suspicious.

“Moreover, according to SBI, they never communicate with their customers via SMS or emails containing links with regard to the user’s account. Any reputed banking entity also does not use WordPress like CMS technologies on their official website for security reasons,” the foundation said.

The personal information sought on the malicious website is name, registered mobile number, email, email password and date of birth.

After the form is submitted, the user is directed to a “thank you” page.

“The domain name of the website can be traced to India, and the registrant state was found to be Tamil Nadu,” the report mentioned.

According to the report, it was observed that the form takes user inputs without performing basic validation of data type.

For example, the registered mobile number field, which should only accept numerical values also accepts text input. This can also be confirmed from the source code, where the input type for the field is mentioned as ‘text’ instead of ‘number’ or ‘tel’.

“The email password field shows the entered password in clear text instead of keeping the characters hidden. A similar source code observation is noted,” it added.

“The card number field accepts an infinite number of digits instead of only 16 digits, which SBI cards usually have. All these instances of negligence clearly indicate bad coding practice,” the foundation said.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image