Cyber crime experts at CloudSEK have pointed out that a phishing attack has been noticed against banking customers via SMS-forwarding apps in India.
In such attacks, the phishing site first collects a user’s personal information and contact details and then the Android-based SMS forwarding app is installed on their phone, said Bangalore-based cyber security company CloudSEK in its latest report.
This app pretends to be a bank customer service app and asks for two permissions: receiving and sending messages.
The application’s source code is said to be available on Github. The app is devoid of any strong mechanism that can avoid antivirus, etc.
After the app’s installation on any user’s mobile phone, any text recieved with an OTP is redirected to the cyber attacker, thus giving them the ability to manipulate the available resources.
Experts have pointed out that in order to defeat the cyber attackers, it becomes important for banks to create awareness, thus saving on financial and reputational losses.
How Does It Work?
According to the modus operandi of the attackers, the victims fill out all their banking details on a fake complaint portal. After this, the threat actor gets all the vulnerable details.
After this the victim gets a fake application which can be downloaded from the portal.
According to experts, these forms do not have any logo or name. They are kept simple to avoid any kind of doubt.
Researchers at CloudSEK also pointed out the forged malicious app is not hosted by Google play or third-party sites.
The victim’s messages are then sent to the threat actor’s command and control server by the malicious application.
Two Step Authentication: Does It Really Work In Such Cases?
Even if you have switched on two-factor authentication and other safety measures, then also the hackers can get hold of all your information and use it to manipulate and get their goal fulfilled.
So it is very important to take necessary precautions while downloading any application.
How To Beat Phishing Attack Threats
These phishing attacks begin from a simple SMS sent to a bank user’s phone. Just a casual click on attached link and the user loses all vital information and eventually money.
But to safeguard oneself from such cyber attacks, the first and foremost caution is to be attentive to what links one is clicking, especially those sent by unknown persons or marketing numbers.
Also, make sure than you download your apps only from trusted sources like Google play store and Apple play store.
Don’t download any app for the sake of doing it. Uninstall all unnecessary apps.
Also, be careful while giving permission to apps. Think why some random app would require permission to access your SMS or phone calls!
Follow The420.in on