NEW DELHI: The new type of Phishing attack warning is issued by the CERT-IN targeting banking customers. They gather sensitive information like bank credentials, mobile numbers, and their OTP for doing fraudulent activities. This warning was issued in the latest advisory by the CERT-IN. These fraudulent activities are being out by using the ngrok platform which is a web application tool. It is observed that this platform is being vigorously used on Indian banking customers. This ngrok platform is used by cybercriminals to host the malicious and phishing bank portals of different Indian banks. This was mentioned in the advisory of the CERT-IN issued on Tuesday 11th July 2021
CERT-IN is the Indian federal technology arm that battles with the cyber-attacks and providing safety surrounding fore the cyberspace of India. It is written in the advisory that these malicious phishing links end with ngrok.io/xxxbank.
For example:- Dear customer, Your account KYC information is going to suspend soon due to the new RBI regulation. For which you have to go through the re KYC process to verify your official credential. Click the link given below to verify your account details, else you may suffer from account freezing or blocking of the account. Click here linkhttp://446bdf227fc4.ngrok.io/xxxbank”.
once the victim clicks the link and enters the banking credentials, all the information which the victim enters will be forwarded to the cyber actor. Then after this, the victim fills in the details of the 2FA which is then delivered to the victim’s phone but is generated by the cyber actor.
The victim then enters the OTP/2FA on the phishing site hosted by the attacker will be easily captured by the attacker.
It is suggested to banking customers to click only those links which clearly mention the real domain name. If users are confused about whether to open the link or not they can easily check the real domain of the bank by searching the bank name on the internet and then they can check the URL by comparing both the links and then they can open the link safely.
It is advised to keep on updating the device/tool you are using with the legit anti-virus, antispyware software, and enabling the firewall software. Customers should report the Phishing links CERT-In at [email protected] and respective banks with the proper details and report so that action can take on those cyber actors.