Chinese hackers are targeting the State Bank of India (SBI) users with phishing scams, asking them to update their KYC using a particular website link and offering free gifts worth Rs 50 lakh from the bank via WhatsApp message, media reported on Wednesday.

The research wing of New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents on the name of SBI that were faced by some smartphone users.

“All the domain names associated with the campaign have the registrant country as China,” the research team said.

In the first case of the text message requesting KYC verification, the landing page that appears resemble with the official SBI online page.

On clicking the “Continue to Login” button, it redirects the user to full-kyc.php page, asking confidential information like username, Password and a captcha in order to login to the online banking.

Buy Me A Coffee

“Following this, it asks for an OTP sent to the user`s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers added.

The research team came to the conclusion that the campaign is pretended to be launched from the State Bank of India but hosted on the third-party domain instead of the official website, which makes it more suspicious.

FBI: Akira Ransomware Responsible for $42 Million in Losses, 250+ Breaches

The overall layout of the web page used in the campaign is kept similar to the official SBI net-banking site to lure the users.

“On the landing page, a congratulations message appears with an attractive photo of State Bank of India and asks users to participate in a quick survey to get a free gift of Rs 50 lakh from the State bank of India,” the researchers informed.

At the bottom of the page, a section appears which seems to be a Facebook comment section where many users have commented about how the offer is beneficial.

The Research teams investigated the URLs in a secured sandbox environment where the WhatsApp application was not installed.

The researchers recommend that people should avoid opening such messages sent via social platforms.