The State Bank of India (SBI), India’s largest public sector bank, has issued a critical security advisory warning customers about an ongoing cyber fraud scheme targeting account holders through fake reward point messages.
The fraudsters are reportedly sending deceptive messages via SMS and WhatsApp, attempting to lure customers with promises of reward points redemption. These messages typically contain links to download APK files or claim supposed reward points, mimicking official bank communications.
The bank has identified a new wave of fraudulent messages circulating among customers. A sample of the deceptive message reads:
“Hi User Your -S.B.I YONO MC R’ewards Point E’xpire Rs.7854 today P’lease C’onvert to cash click link https://bitly.ws/3e5Cd”
— State Bank of India (@TheOfficialSBI) November 9, 2024
How the Scam Works
The fraudsters are employing sophisticated social engineering tactics:
- Sending messages claiming to be from SBI YONO, the bank’s official digital banking platform
- Creating a false sense of urgency about expiring reward points
- Providing shortened links that redirect to phishing websites
- Attempting to deceive customers into sharing sensitive banking information
The bank has advised customers to:
- Never click on links received through SMS or WhatsApp claiming to be from SBI
- Be particularly suspicious of messages containing shortened URLs (like bitly links)
- Avoid downloading any APK files related to bank services
- Remember that SBI never sends reward point redemption links through SMS
- Report suspicious messages to the bank’s official fraud reporting channels
- Conduct all banking activities only through official SBI applications available on legitimate app stores
