New Phishing Attack: Hackers Are Using New Trick To Steal Your Money, Details And Tips Inside

NEW DELHI: Banking customers in India are being targeted by scammers using a new type of phishing attack that impersonates internet banking portals, according to the country’s cybersecurity agency. According to an advisory issued by the Indian Computer Emergency Response Team (CERT-In), scammers are hosting phishing websites on the ngrok platform to collect sensitive information such as internet banking credentials, mobile numbers, and One Time Passwords (OTP).

The New Phishing Attack

The CERT-In advisory stated, “It has been observed that Indian banking customers are being targeted by a new type of phishing attack using the ngrok platform.”

“Malicious actors have abused the ngrok platform to host phishing websites impersonating Indian bank internet banking portals,” it added.

How The Phishing Attack Is Executed Using Ngrok

Using a sample SMS, the cybersecurity agency explained how “malicious actors” trick banking customers into visiting phishing websites and engaging in fraudulent transactions. Scammers send SMS messages with embedded phishing links ending in ngrok.io/xxxbank, where xxx is the name of the bank.

“Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank,” the sample SMS reads.

Once a customer clicks on the URL and logs in to the phishing website using their internet banking credentials, the attacker uses the information to generate an OTP. The phishing victim then enters the OTP on the phishing site, which the attacker captures and uses to carry out fraudulent transactions on the victim’s account.

“Phishing websites and suspicious messages should be reported to the CERT-In at incident@cert-in.org.in and respective banks with the relevant details for further appropriate actions,” CERT-In said in its advisory.

SAFE BANKING TIPS BY CERT-IN

•  Banking customers should be on the lookout for suspicious numbers that do not appear to be real mobile phone numbers, as attackers frequently mask their identities by using email-to-text services to avoid revealing their actual phone number.
• Genuine SMSes from banks usually have a sender id (consisting of the bank’s short name) rather than a phone number in the sender information field.
• They should only click on URLs that clearly indicate the domain of the website.
• If you get a message that appears to be from your bank or other financial institution, contact that bank directly to determine if they sent you a legitimate request.

• Exercise caution while opening email attachments.  Only click on URLs that clearly indicate the website domain.

• Install and maintain updated anti-virus and antispyware software. Consider using Safe Browsing tools, filtering tools (antivirus and  content-based filtering) in your antivirus, firewall, and filtering services.

• Update spam filters with latest spam mail contents.

• Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. Users are advised to hover their cursors over the shortened URLs (if possible) to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL. Users can also use the shortening service preview feature to see a preview of the full URL.

• Pay particular attention to any misspelling and/or substitution of letters in the URLs of the websites they are browsing.

• Look out for valid encryption certificates by checking for the green lock in the browser’s address bar, before providing any sensitive information such as personal particulars or account login details.