Days after the biggest data breach in the India banking history, several banks including SBI, ICICI and HDFC Bank are once again facing severe threat from phishing websites, claims US-based cyber security company FireEye.
According to a FireEye report, a new domain, csecurepay[.]com, which appears to be an online payment gateway, has been asking online banking customers to enter their account number, mobile number, email address, one time password (OTP) and other details. Once the information is collected, the website displays a fake failed login message to the victim.
The researchers from FireEye have discovered that the malicious phishing website created by cyber criminals has spoofed 26 Indian banks’ websites to steal personal information from customers.
The phishing site served fake logins from 26 banks, including HDFC Bank, ICICI Bank, IDBI Bank, State Bank of India, among others.
When a customer navigates to the URL, the domain appears to be a payment gateway and asks for bank account number and the amount to be transferred. The victims are allowed to choose their banks from a list.
In the next step, the malicious website requests the victim to enter their valid 10-digit mobile number and email ID which makes the website appear more legitimate.
“The victim will then be redirected to the spoofed online banking page of the bank they selected and are requested to login,” FireEye said.
After entering their login credentials, the victim will key in their OTP and once all the sensitive data is gathered, a fake failed login message such as “Some error occurred. Try after some time” will be displayed on the screen.
FireEye said it has notified the Indian Computer Emergency Response Team (CERT-In), which is under the Ministry of Electronics and Information Technology, about the threat.