A phishing scam has targeted many State Bank of India (SBI) customers, with scammers bombarding them with suspicious text messages asking them to redeem SBI credit points worth Rs 9,870.
The link in the text messages takes the user to a fake website, where a ‘State Bank of India Fill Your Details’ form asks for personal information as well as sensitive financial information such as card number, expiry date, CVV and MPIN.
According to a joint investigation by the New Delhi-based think tank CyberPeace Foundation and Autobot Infosec Private Ltd, the website gathers this data without any verification and is registered to a third party rather than to the State Bank of India, which makes it even more suspicious.
“Furthermore, SBI claims that they never communicate with their customers via SMS or emails that contain links to the user’s account. For security purposes, no reputable banking institution uses WordPress or similar CMS technologies on their official website,” according to the foundation.
Name, registered mobile number, email, email password, and date of birth are among the personal information requested on the malicious website.
After submitting the form, the user is taken to a “thank you” page.
“The website’s domain name can be traced to India, and the registrant state was discovered to be Tamil Nadu,” according to the study.
According to the report, the form accepts user input without performing even basic data-type validation.
The registered mobile number field, for example, accepts text input even though it should accept only numeric values. The page source bears this out: the field’s input type is declared as ‘text’ rather than ‘tel’ or ‘number’ (HTML defines no ‘digit’ input type). A browser-side input type is only a usability hint in any case; a properly built form also validates the value on the server, and this one does neither.
“Instead of covering the characters, the email password field displays the entered password in plain text. It’s worth noting that a similar source code observation has been made,” it added.
“Instead of the 16 digits that SBI cards normally have, the card number area accepts an infinite number of digits. Both of these instances of carelessness point to weak coding standards,” according to the foundation. —IANS
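The coding defects the report lists (a text-typed phone field, an unmasked e-mail password field, an unbounded card-number field, and a bank form that asks for an e-mail password at all) can be turned into a quick triage check for a captured phishing page. The script below is an added example and is not code from the report, from the foundation or from IANS; it uses Python's standard-library HTML parser on a constructed copy of such a form. The field names, the second "properly typed" control form and the keyword lists used to guess each field's purpose are assumptions made for the example.

```python
# Added example (not part of the IANS report or the CyberPeace Foundation /
# Autobot Infosec study): scan a harvested phishing form for the coding
# defects the report describes. Both HTML samples are constructed for this
# example and the field names are hypothetical.
from html.parser import HTMLParser

# Constructed sample modelled on the "Fill Your Details" form described above:
# every field is a plain text input and nothing is length-limited.
PHISHING_FORM = """
<form action="submit.php" method="post">
  <input name="name" type="text">
  <input name="mobile" type="text">
  <input name="email" type="text">
  <input name="email_password" type="text">
  <input name="dob" type="text">
  <input name="card_number" type="text">
  <input name="expiry" type="text">
  <input name="cvv" type="text">
  <input name="mpin" type="text">
  <input type="submit" value="Submit">
</form>
"""

# Constructed control sample: the same kind of fields typed and bounded the way
# a competently built form declares them (absence of findings is not proof of
# legitimacy, only absence of these particular tells).
TYPED_FORM = """
<form action="/pay" method="post">
  <input name="mobile" type="tel" pattern="[0-9]{10}" maxlength="10">
  <input name="card_number" type="text" inputmode="numeric" maxlength="16">
  <input name="cvv" type="password" maxlength="3">
  <input name="mpin" type="password" maxlength="6">
</form>
"""


class InputCollector(HTMLParser):
    """Collect the attribute dict of every <input> tag in the document."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def collect_inputs(html):
    parser = InputCollector()
    parser.feed(html)
    return parser.inputs


# Heuristic guess at what a field collects, from its name/id. Order matters:
# more specific keys are checked before generic ones such as "pan".
FIELD_KINDS = [
    ("password", ("password", "passwd", "pwd")),
    ("phone", ("mobile", "phone")),
    ("cvv", ("cvv", "cvc")),
    ("pin", ("mpin", "pin")),
    ("card", ("card", "pan")),
]


def classify(field):
    label = (field.get("name") or field.get("id") or "").lower()
    for kind, keys in FIELD_KINDS:
        if any(k in label for k in keys):
            return kind
    return None


def audit_form(html):
    """Return a list of human-readable findings for the form in `html`."""
    findings = []
    kinds_seen = set()
    for field in collect_inputs(html):
        kind = classify(field)
        if kind is None:
            continue
        kinds_seen.add(kind)
        name = field.get("name") or field.get("id")
        ftype = (field.get("type") or "text").lower()  # HTML default type is text
        if kind == "password" and ftype != "password":
            findings.append(f"{name}: password field is type={ftype}, shown in plain text")
        if kind == "phone" and ftype not in ("tel", "number"):
            findings.append(f"{name}: phone field is type={ftype}, accepts non-numeric input")
        if kind in ("card", "cvv", "pin") and "maxlength" not in field:
            findings.append(f"{name}: {kind} field has no length limit")
    # A bank form asking for the customer's e-mail password is a red flag in itself.
    if "password" in kinds_seen and kinds_seen & {"card", "cvv", "pin"}:
        findings.append("form collects an e-mail password together with card/PIN data")
    return findings


if __name__ == "__main__":
    for finding in audit_form(PHISHING_FORM):
        print("-", finding)
```

Run against the constructed phishing form the script reports each of the defects named in the article plus the combined password-with-card-data indicator; run against the typed control form it reports nothing. The field-purpose guessing is deliberately crude (substring matches on the field name), which is adequate for triage of a single captured page but should not be mistaken for a general classifier.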