The Indian Computer Emergency Response Team (CERT-In), a cybersecurity regulatory authority, has issued a warning to internet banking customers about phishing attempts, which are being exploited not only to steal crucial user data but also to execute fraudulent transactions online.
The agency has identified that Indian banking users are indeed being targeted by a unique type of phishing attack that leverages the ‘ngrok’ framework platform. Some cybercriminals simulate Indian banks in an attempt to duplicate the login credentials of net banking users, resulting in fraudulent payments.
The aforementioned ‘ngrok’ framework platform is being used to broadcast phishing websites that harvest sensitive credentials from users, such as Internet Banking passwords, phone numbers, and One Time Passwords (OTPs). Initially, the victim will receive an SMS that pretends to be a message from the bank. Suspicious links with embedded phishing hyperlinks ending in ngrok.io/xxxbank will be highlighted in the SMS. Here is an example of that:
“Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank”
When the recipient opens the URL and enters it with their Internet banking credentials, they are redirected to a phishing website. The malicious actor then generates a two-factor authentication (OTP) token, which is sent to the victims’ phone numbers. The recipient thereafter inputs the received OTP into the phishing webpage, which is recorded by the attacker. Eventually, the attacker uses the recorded OTP to get control of the victims’ bank accounts then initiates fraudulent transactions to transfer all the funds.
In addition, In-CERT has published certain best practices that one should follow in order keep protected against such malicious actors:
Do not visit untrustworthy websites or follow suspicious links or be careful when you click on the link in spammy emails or SMS
Always check for numbers that do not seem to be genuine mobile phone numbers.
Scammers commonly use email-to-text tools to conceal their identity and avoid handing out your personal phone number. Authentic SMS messages from banks typically include a sender ID (consisting of the bank’s short name) rather than a phone number in the sender information box.
If you receive a text that pretends to be from your bank or some other financial institution, you immediately call that bank to verify if you have received a genuine request.
Whenever accessing email attachments, be cautious. Only click on URLs that precisely disclose the domain of the website. Although in doubt, individuals can use search engines to verify the organization’s website to confirm that the websites they visited are trustworthy.
Install as well as update anti-virus and anti-spyware applications alongside use the latest Operating system with the latest security patch whether it’s your smartphone or computer. Also, update your web browsers regularly as it’s the most vulnerable piece of application.
Use precautions when accessing shortened URLs, such as those from bit.ly or TinyURL. Users should hover their mouse pointer over the abbreviated URLs (if possible) to see the actual website domain they are accessing, or use a URL checker to enter a short URL and verify the full URL.
Before providing any sensitive information such as personal information or account login credentials, pay close attention to any misspellings and/or substitutions of alphabets in the URLs of the websites you are going to visit. Look for legitimate encryption certificates by verifying for the green lock in the browser’s address bar.
Restrict your app downloads to the official app stores, such as the smartphone’s manufacturer or the operating system’s app store like Apple App Store or Google Play store, to reduce the chance of downloading potentially dangerous applications. Or use open-source app marketplaces like Aurora App store or F-droid.
Customers must notify their bank as soon as they see any suspicious activity within their account. CERT-In should be notified about phishing websites and malicious messages.