SBI customers targeted with text phishing scam

According to CyberPeace Foundation, a New Delhi-based cyber security think tank, some of the SBI customers have recently received suspicious messages which shows a link to redeem their SBI credit points worth Rs. 9,870.

The link written in the message is redirecting the customer to a fake website, on which a ‘State Bank of India Fill Your Details’ form is showing. The user is then asked to submit some personal and financial information – name, date of birth, e-mail ID, registered mobile number, card number, expiry date, CVV and MPIN. As per the report, the domain name of the website can be traced to India, and the registrant state is Tamil Nadu.

“The fake site collects data directly without any verification and is registered by a third party instead of having the registrant organization name of State Bank of India, making it all the more suspicious”, according to the report of CyberPeace Foundation along with Autobot Infosec Private Ltd. As per the statement of SBI, they, like any other reputed banking entity, never communicate with their customers via SMS or e-mails containing links about the user’s account.

The title name of the website is traced to be ‘Home-Earn Redeem Points’ using a source code analysis. The user is being redirected to a WordPress website after clicking the tag found in the source code.