Phishing Websites targeting all major Indian banks discovered


Soon after the Indian government announced its move toward financial transactions being done in plastic money, cyber security provider FireEye made a shocking revelation.

In its lab, FireEye discovered malicious phishing websites designed to steal bank account holders' details, including online login ID, password and mobile number, from customers of several banks in India.

The malicious websites mainly target Indian banks: a total of 26 banks are available in the list to choose from and log in to for online transactions.

FireEye asserts in its post that, so far, the observed domains have not been found in any phishing campaign. According to the researchers, the websites appear to be in the earlier stages of development.

Providing further details, FireEye named two such websites created with malicious intent: “csecurepay[.]com” and “nsecurepay[.]com”.
Both websites were registered in October 2016.

The websites pretend to offer online payment gateway services where a user logs in, chooses from the listed banks and makes transactions. But according to the researchers, each is presumably a phishing website that in the end captures the victim’s logon credentials and user information such as mobile number.

“As a precautionary measure, the Indian Computer Emergency Response Team has been notified of such websites,” says FireEye.

So, where is the security mess?
When navigating to the malicious website, the victim is allowed to choose their bank from a list that is provided. It further requests the user to enter their bank account number and the amount to be transferred.

The victim is then redirected to a mimicked online banking page of the bank they selected, which requests the victim to log in using their user name and password. [as depicted in figure, credit FireEye]

Once the victim enters the user ID and password, they are recorded in the hackers' database, and the hackers can later use the credentials to steal money from the victim’s account.

The website contains a list of all major Indian banks for online transactions, such as State Bank of India, Bank of Baroda, Indian Bank, Kotak Bank, etc.

In the second half of October, it was revealed that 3.2 million Indian debit cards had been hacked. In response, all major Indian banks withdrew the hacked cards.

Is there any way to defeat such a campaign? “Yes! A user who loves to transact online needs to pay more attention while navigating a bank website.” The CYBR NOW Team reached out to Information Security Researcher JS Rajoria, asking for recommendations for safe online transactions. Responding to our query, Mr. Rajoria said, “While doing online transactions, users need to check if the URL is correct and secured with HTTPS.” He added, “The best way to defeat a phishing campaign is to avoid clicking any links mentioned in any random email or social networking website, especially when an unusual link pretends to offer a lucrative deal.”
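
The URL checks recommended above can be automated, for example in a mail filter or proxy rule. The following is an added example, not code from FireEye or from the original article: the trusted hostname `netbanking.bank.example` and the function names are constructed placeholders, while the two blocked domains are the ones named in the article. It also covers two cases where a quick glance at the URL misleads: a bank name used as a prefix of another domain, and a bank name placed before an `@`.

```python
from urllib.parse import urlsplit

# Domains named in the article, kept defanged in source and refanged at load time.
REPORTED_PHISHING = {d.replace("[.]", ".")
                     for d in ("csecurepay[.]com", "nsecurepay[.]com")}

# Constructed placeholder: use the hostnames your bank itself publishes.
TRUSTED_BANK_DOMAINS = {"netbanking.bank.example"}


def _matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def check_banking_url(url):
    """Return (verdict, reason) for a URL a user is about to log in to."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "block", "malformed URL"
    if not host:
        return "block", "no hostname"
    if _matches(host, REPORTED_PHISHING):
        return "block", "domain reported as phishing"
    if parts.scheme != "https":
        return "block", "not HTTPS"
    if parts.username or parts.password:
        # In https://bank@other.host/ the browser connects to other.host.
        return "block", "userinfo in URL hides the real host"
    if not _matches(host, TRUSTED_BANK_DOMAINS):
        # HTTPS only protects the connection; it says nothing about the owner.
        return "block", "HTTPS but host is not a known bank domain"
    return "allow", "HTTPS and known bank domain"


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://netbanking.bank.example/login",
        "http://netbanking.bank.example/login",
        "https://www.nsecurepay.com/pay",
        "https://netbanking.bank.example.secure-pay.example/login",
        "https://netbanking.bank.example@login.example.net/",
    ]
    for s in samples:
        print(s, "->", check_banking_url(s))
```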