Beware of SBI credit points scam!
Several State Bank of India (SBI) users have been targeted by a scam. Hackers have flooded them with suspicious text messages asking them to redeem SBI credit points worth Rs 9,870. Each message carries a link that redirects the user to a fake website.
After being redirected to the landing page, the user is asked to submit personal information, including sensitive financial details such as card number, expiry date, CVV and MPIN, under a ‘State Bank of India Fill Your Details’ form. After submitting the form, the user is directed to a “thank you” page.
New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Private Ltd, is looking into the matter. The website is suspicious because it collects data directly without any verification and is registered to a third party rather than listing State Bank of India as the registrant organisation.
The foundation reported, “Moreover, according to SBI, they never communicate with their customers via SMS or emails containing links with regard to the user’s account. Any reputed banking entity also does not use WordPress-like CMS technologies on its official website for security reasons.”
“The domain name of the website can be traced to India, and the registrant state was found to be Tamil Nadu,” the report mentioned.
The report further observed that the form accepts user input without performing basic validation of data type. It added, “The email password field shows the entered password in clear text instead of keeping the characters hidden. A similar source code observation is noted.” The report continued, “The card number field accepts an infinite number of digits instead of only 16 digits, which SBI cards usually have. All these instances of negligence clearly indicate bad coding practice.”
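
The form observations in the report can be checked automatically when triaging a reported page. The Python sketch below is an added example, not code from the CyberPeace report or from SBI; the sample markup and its field names are constructed for illustration and assume the fields are named after what they collect.

```python
from html.parser import HTMLParser

# Constructed markup imitating the form the report describes; the field
# names are assumptions, not copied from the real page.
SAMPLE_FORM = """
<form method="post" action="/submit">
  <input type="text" name="card_number">
  <input type="text" name="expiry_date">
  <input type="text" name="cvv">
  <input type="text" name="mpin">
  <input type="text" name="email_password">
</form>
"""

class FormAuditor(HTMLParser):
    """Records <input> fields that match the report's observations."""

    def __init__(self):
        super().__init__()
        self.names = []
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {k: (v or "") for k, v in attrs}
        name = attr.get("name", "").lower()
        self.names.append(name)
        # Password-like field rendered as plain text instead of masked.
        if "password" in name and attr.get("type", "text").lower() != "password":
            self.findings.append((name, "password shown in clear text"))
        # Card number field with neither a length cap nor a format pattern.
        if "card" in name and not (attr.get("maxlength") or attr.get("pattern")):
            self.findings.append((name, "no limit on number of digits"))

def audit_form(html):
    """Return a list of (field, issue) tuples for the given HTML."""
    auditor = FormAuditor()
    auditor.feed(html)
    auditor.close()
    # One page asking for card number, CVV and MPIN together, as the scam form did.
    wanted = ("card", "cvv", "mpin")
    if all(any(w in n for n in auditor.names) for w in wanted):
        auditor.findings.append(("form", "requests card number, CVV and MPIN together"))
    return auditor.findings

if __name__ == "__main__":
    for field, issue in audit_form(SAMPLE_FORM):
        print(f"{field}: {issue}")
```

Findings like these are triage signals for an analyst, to be weighed alongside the registrant and SMS-link indicators the report lists.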