• Scammers are using SMS forwarding apps to defraud bank customers in India: Report

    National
    Scammers are using SMS forwarding apps to defraud bank customers in India: Report

    An Android SMS forwarding malware is then downloaded to the victim's devices after the phishing site has obtained their banking credentials and personally identifiable information (PII).

    Digital Desk: Phishing sites are being used in a new phishing
    campaign that targets Indian banking customers in order to gather victims'
    banking credentials and personally identifiable information (PII). An Android
    SMS forwarding malware is also downloaded to their devices after the details
    are stolen. Several domains using the same template were found by CloudSEK's
    Threat Research and Information Analytics, which made this discovery.



    Veterans of the financial world frequently advise people to avoid
    anything they are unsure of. Unfortunately, there is no such warning in
    cyberspace; generally, people ignore such warnings and lose money. It's
    understandable that con artists would try to trick and con people. This week, I
    will explain two techniques con artists use to steal your hard-earned cash. The
    first is a payment link scam, which is not brand new but keeps cropping up from
    time to time. Second, the fraudsters' method of operation includes
    automatically installing mobile malware via links and SMS forwarding apps.



    In both scams, the con artists pose as someone else, such as a
    bank representative or a customer service representative from a service
    provider, to establish contact. They might call, text, or use social media to
    get in touch. These con artists frequently request personal information from
    the victim or have them click on an online link to confirm information.



     



    Scam Payment Link



    Aman Sandhu, a well-known television actor who has appeared in
    shows like Savdhaan India and Crime Patrol, lost money due to a payment
    link scam.



    According to a Times of India report, seven fraudulent fund
    transfers totaling Rs 2.05 lakh were made from three of her bank accounts
    (ToI).



    The transactions took place shortly after she mistakenly clicked
    on a WhatsApp link to set her mother's doctor's appointment for July 6, 2022.
    Through her bank accounts, the actor had enabled the WhatsApp payment feature.



    The actor lost the money within 20 minutes of receiving and
    clicking the link, according to information provided to the newspaper by
    Goregaon police.



    According to a study titled "Tackling India's Financial Cyber
    Crimes" by Deepstrat and The Dialogue, payment gateways typically offer
    the pay via links feature, which allows display names and logos to be modified.
    This enables a fraudster to create a payment link in their own name even though
    their own bank account number is used as the destination account number.



    Scammers are Using Links and SMS Forwarding Apps to Con Bank
    Customers.



    Cybersecurity company CloudSEK has discovered a fresh phishing
    campaign that uses SMS forwarding apps and a link to file complaints to target
    Indian banking customers. An Android SMS forwarding malware is then downloaded
    to the victim's devices after the phishing site has obtained their banking
    credentials and personally identifiable information (PII).



    CloudSEK discovered a number of straightforward online complaint
    portals that cater to Indian banking customers with domains like
    online-complaint.comor customer-complaint.com. Many websites, including secure accounts.in and accountsecureverify.com
    (online-complaint.accountsecureverify.com), employ the same operating system
    and share identical templates.



    The scammer contacts the client while posing as a bank executive
    and shares a link to the fake complaint portal. In order to receive a
    "refund" for the "failed transaction," the "bank
    executive" also requests that the customer enter their complaint type
    along with other private financial data like their card number, CVV number, and
    expiration date.



    Customer Support Srvice.apk, a malicious customer support
    application, downloads to the victims' devices as they are filling out the
    form. All incoming SMS messages are sent to this malicious app's command and
    control (C2) portal, online-complaint.com.



    By using SMS forwarding, the malware enables fraudsters to obtain
    other sensitive data, such as one-time passcode (OTP) or two-factor
    authentication (2FA) verification codes.



    Once these con artists have access to your SMS and all of your
    bank account or credit card information, they can easily withdraw money from
    your account.



    How Being Alert Saves Money



    In a blog post, Tejas Balapalli described how scammers tried to
    trick him into buying tickets to Varanasi on via.com. He tweeted a message
    after running into a problem while making a reservation. He was about to get a
    call. He was informed by the caller that via.com transactions are handled by
    HDFC. He was asked to send a pre-written SMS to HDFC UPI during the
    conversation and enter his card information via a survey money link. However, these instructions served as a reminder, and he cut his credit limit on his card to just Rs 1 more than he had already spent.



    The fraudster then instructed him to download and install an SMS
    forwarding app, which he did. He then added the fraudster's number to the app
    so that it could receive all of his SMS. The fraudster then immediately started
    a transaction from his card for Rs 24,774.96. The transaction, however, was
    unsuccessful because Tejas had set a limit on his card payments.



    Tejas avoided falling for the scammers' payment link and SMS
    forwarding app by being watchful and playing shrewd. Go here to learn more
    about this.



     



    WhatsApp Fake or Modified



    WhatsApp's CEO, Will Cathcart, has urged users not to use modified
    or fake versions of the service that are advertised online under different
    names. He claims, "Our security team recently found hidden malware in apps
    from a developer called "HeyMods" that was distributed outside of
    Google Play, including "Hey WhatsApp" and other apps. "These
    apps advertised new features but were really just a way to steal people's
    personal data from their phones."



    The security community is constantly coming up with new strategies
    to stop the spread of mobile phone malware, he continued.



    Simply put, never click on a link you receive from an unidentified
    person or organization or divulge your financial information. Additionally,
    never look up contact or customer service numbers online, particularly those of
    banks and credit card companies.



    Stay Alert and Safe!



    It is best to go to a bank or credit card company's official
    website, locate their customer service numbers, and then contact them solely at
    those numbers or via email if you have any complaints.



    If an unknown caller asks you to visit a website or click on a
    link that was sent to you via message (SMS or email), do not comply.



    Do not download any apps, as the caller advised.



    Never forget that your bank and credit card provider has access
    to all of your personal information. This means they would never ask you
    to give them your personal information over the phone, by email, or online.



    To protect yourself from viruses, malware, ransomware, and remote
    access, use a high-quality anti-virus program (many free apps offer good
    protection).

    Share :

    Related News

    Lifestyle

    With proper care and attention to storage techniques, you can savor the creamy delight of homemade curd...

    Digital Desk: As temperatures rise during the summer months, the battle against food spoilage becomes more chall

    International

     The backdrop of this protes

    Instagram Feed

    Follow Us