[ad_1]
India’s fiscal year ended on March 31 and people are now busy completing their tax returns. Researchers have warned that scammers are taking advantage of the situation and are targeting Indian account holders through tax-time smishing campaigns.
A smishing campaign is a fraudulent practice in which malicious text messages, purporting to be from popular Indian banks, are sent to users with an aim to trick them and get their personal information.
How scammers are targeting Indians
Researchers claim that they are monitoring a smishing campaign in which scammers are sending a text falsely claiming that the recipient’s bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.
According to a report by Sophos, these texts also include a link to an Android Package (APK) file. After clicking on the link, an APK is downloaded and installed. After installation, this APK opens fake (but lookalike) bank login pages to trick users.
“This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin,” the report said.
If the recipient enters any personal information, the data gets exfiltrated to a remote server owned by the attackers rather than the bank from which the text message is claimed to have been sent.
Additionally, the malicious APK also has the ability to read the contents of SMS texts when they are received, possibly to extract any OTP codes issued by the bank.
How to stay safe
Sophos said that users who receive an unexpected message “from their bank” or other service provider must reach out directly to the service provider by phone or through the provider’s legitimate, secured website.
Users must also refrain from clicking any links sent via text messages and avoid installing applications from untrusted sources.
A smishing campaign is a fraudulent practice in which malicious text messages, purporting to be from popular Indian banks, are sent to users with an aim to trick them and get their personal information.
How scammers are targeting Indians
Researchers claim that they are monitoring a smishing campaign in which scammers are sending a text falsely claiming that the recipient’s bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.
According to a report by Sophos, these texts also include a link to an Android Package (APK) file. After clicking on the link, an APK is downloaded and installed. After installation, this APK opens fake (but lookalike) bank login pages to trick users.
“This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin,” the report said.
If the recipient enters any personal information, the data gets exfiltrated to a remote server owned by the attackers rather than the bank from which the text message is claimed to have been sent.
Additionally, the malicious APK also has the ability to read the contents of SMS texts when they are received, possibly to extract any OTP codes issued by the bank.
How to stay safe
Sophos said that users who receive an unexpected message “from their bank” or other service provider must reach out directly to the service provider by phone or through the provider’s legitimate, secured website.
Users must also refrain from clicking any links sent via text messages and avoid installing applications from untrusted sources.
[ad_2]
Source link