Many users of the State Bank of India (SBI) have been targeted with a phishing scam where hackers have flooded them with suspicious text messages, soliciting them to redeem their SBI credit points worth Rs 9,870.
The link associated with the text messages redirects the user to a fake website and on the landing page, the user is told to submit personal information along with sensitive financial details such as card number, expiry date, CVV and Mpin in a ‘State Bank of India Fill Your Details’ form.
According to SBI, they never communicate with their customers via SMS or emails containing links with regard to the user’s account. Any reputed banking entity also does not use WordPress like CMS technologies on their official website for security reasons.
According to the investigation by New Delhi-based think tank CyberPeace Foundation along with Autobot Infosec Private Ltd, the website collects data directly without any verification and is registered by a third party instead of having the registrant organization name of State Bank of India, making it all the more suspicious. The personal information sought on the malicious website is name, registered mobile number, email, email password and date of birth.