Hackers target Indian account holders in tax-related smishing campaign: Report


New Delhi, Apr 14 (IANS): Researchers have started monitoring a smishing campaign in which malicious SMS texts are being sent out trying to trick users of certain Indian banks, a new report said on Friday.

According to cybersecurity company Sophos, the smish campaign consists of a text with a link addressed to customers of the most popular Indian banks.

It sends a text falsely claiming that the recipient's bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.

The text also includes a link to an Android Package (APK) file.

According to the researchers, this campaign is targeting customers looking to file returns in tax season and to update their year-end financial results.

Moreover, the report mentioned that the link downloads an APK and after installation, this APK opens fake (but lookalike) bank login pages - abusing not only recipients but the banks' brands.

The APK then tries to acquire the recipient's login, password, debit card number, and ATM pin.

If the recipient enters any personal information, the data gets exfiltrated to a remote server owned by the attackers rather than the bank.

Further, the report explained that the APK also has the ability to read the contents of SMS texts when they are received, possibly to extract any OTP codes issued by the bank.

 

  

Top Stories


Leave a Comment

Title: Hackers target Indian account holders in tax-related smishing campaign: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.