Connect with us

Cyber Crime

Phishing Attack On Bank Customers Using SMS Apps, Warn Cyber Experts At CloudSEK



Phishing Attack On Bank Customers Using SMS Apps, Warn Cyber Experts At CloudSEK

Cyber crime experts at CloudSEK have pointed out that a phishing attack has been noticed against banking customers via SMS-forwarding apps in India. 

In such attacks, the phishing site first collects a user’s personal information and contact details and then the Android-based SMS forwarding app is installed on their phone, said Bangalore-based cyber security company CloudSEK in its latest report

This app pretends to be a bank customer service app and asks for two permissions: receiving and sending messages. 

The application’s source code is said to be available on Github. The app is devoid of any strong mechanism that can avoid antivirus, etc.

After the app’s installation on any user’s mobile phone, any text recieved with an OTP is redirected to the cyber attacker, thus giving them the ability to manipulate the available resources.

ALSO READ: Job Scam: Middle East New Target Of Phishing Scams, Cyber Thugs Pose As UAE Ministry Officials

Experts have pointed out that in order to defeat the cyber attackers, it becomes important for banks to create awareness, thus saving on financial and reputational losses. 

How Does It Work?

According to the modus operandi of the attackers, the victims fill out all their banking details on a fake complaint portal. After this, the threat actor gets all the vulnerable details.

After this the victim gets a fake application which can be downloaded from the portal.

According to experts, these forms do not have any logo or name. They are kept simple to avoid any kind of doubt.

ALSO READ: Abysmal State of Critical Infra: Supply of Gas, Water & Govt Services at High Risk – CloudSEK’s Report

Researchers at CloudSEK also pointed out the forged malicious app is not hosted by Google play or third-party sites. 

The victim’s messages are then sent to the threat actor’s command and control server by the malicious application.

Two Step Authentication: Does It Really Work In Such Cases?

Even if you have switched on two-factor authentication and other safety measures, then also the hackers can get hold of all your information and use it to manipulate and get their goal fulfilled.

So it is very important to take necessary precautions while downloading any application.

How To Beat Phishing Attack Threats

These phishing attacks begin from a simple SMS sent to a bank user’s phone. Just a casual click on attached link and the user loses all vital information and eventually money.

But to safeguard oneself from such cyber attacks, the first and foremost caution is to be attentive to what links one is clicking, especially those sent by unknown persons or marketing numbers. 

ALSO READ: Cyber Attack On India Widens, Around 200 Govt, Private Domains Targeted

Also, make sure than you download your apps only from trusted sources like Google play store and Apple play store.

Don’t download any app for the sake of doing it. Uninstall all unnecessary apps. 

Also, be careful while giving permission to apps. Think why some random app would require permission to access your SMS or phone calls!

Follow on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Continue Reading