Several users of the
State Bank of India (SBI) have been targeted with a phishing scam where hackers have flooded them with
suspicious text messages, requesting them to redeem their
SBI credit points worth Rs 9,870.
The link associated with the text messages redirects the
user to a
fake website and on the
landing page, the user is asked to submit personal information along with sensitive financial details like card number, expiry date, CVV and Mpin in a 'State Bank of India Fill Your Details' form.
According to the investigation by New Delhi-based think tank CyberPeace Foundation along with Autobot Infosec Private Ltd, the website collects data directly without any verification and is registered by a third party instead of having the registrant organisation name of State Bank of India, making it all the more suspicious.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More "Moreover, according to SBI, they never communicate with their customers via SMS or emails containing links with regard to the user's account. Any reputed banking entity also does not use Wordpress like CMS technologies on their official website for security reasons," the foundation said.
The personal information sought on the malicious website is name, registered mobile number, email, email password and date of birth.
After the form is submitted, the user is directed to a "thank you" page.
"The domain name of the website can be traced to India, and the registrant state was found to be Tamil Nadu," the report mentioned.
According to the report, it was observed that the form takes user inputs without performing basic validation of data type.
For example, the registered mobile number field, which should only accept numerical values also accepts text input. This can also be confirmed from the source code, where the input type for the field is mentioned as 'text' instead of 'number' or 'tel'.
"The email password field shows the entered password in clear text instead of keeping the characters hidden. A similar source code observation is noted," it added.
"The card number field accepts an infinite number of digits instead of only 16 digits, which SBI cards usually have. All these instances of negligence clearly indicate bad coding practice," the foundation said.
SEE ALSO:
Ratan Tata is exiting Lenskart with returns of almost five times the investment
EXPLAINED: The NUE licence for payments that Tata, Ambani and Bezos have applied for
Elon Musk's Starlink satellite internet is coming to India – here's how you can pre-book your connection
Elon Musk is facing a challenge from Asia’s richest man Mukesh Ambani in India— both in energy and transportation
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
