If you are a customer of State Bank of India, there is a new KYC scam that you need to know about. Under the guise of KYC verification, scammers are trying to collect your online banking information by sending a fake SMS with a link to a malicious website that looks exactly like the SBI online banking website, as per a report by The Research Wing of CyberPeace Foundation along with Autobot Infosec. Here’s everything you need to know about the new scam targeting State Bank of India customers.
The scam starts with an SMS claiming to be from SBI asking you to verify your KYC details online
You may get an SMS saying that your SBI account KYC has expired and asking you to update your KYC details by clicking on a link. You may also get a similar message by email.
On clicking the link, you will be directed to a website that looks like the official SBI website
The moment you click the link in the SMS, you will be directed to a website that looks exactly like the official SBI website. But there are two things to check: the URL of the official SBI website is “https://retail.onlinesbi.com/retail/login.htm”, while the fake website has a different URL and uses HTTP rather than HTTPS like the original.
If you click the ‘Continue to login’ button, you will be asked to enter your SBI banking details
Clicking the “CONTINUE TO LOGIN” button on the fake website redirects users to a page that asks for confidential information such as Username, Password and a Captcha in order to log in to online banking, as per The Research Wing of CyberPeace Foundation along with Autobot Infosec.
You will be asked to enter the OTP that you have received on your registered mobile number
After providing details like username and password to log in, you will be asked to enter the OTP that you have received on your registered mobile number. Interestingly, you can enter any random OTP to proceed.
The fake SBI website will ask for these personal details
After entering a random OTP, you will be redirected to a page that asks for personal information such as Account Holder Name, Mobile Number and Date of birth.
You will get redirected to the same OTP page once the details have been taken
After you have provided all personal details, you will get redirected to the same OTP page once again.
What is the purpose of this scam and can you lose money immediately?
Scammers are collecting banking information such as Username, Password, Account Holder Name, Mobile Number and Date of birth from the user. The official SBI login page is secured by an OTP linked to your registered mobile number, and OTP verification is also required for every transaction or change to your profile. So, this protects you from immediate financial loss, but with the personal data collected, scammers can trap you at a later date. “Getting into this type of trap could lead the users to face a massive financial loss,” said The Research Wing of CyberPeace Foundation along with Autobot Infosec.
Don’t click on links that you get over SMS and always check the URL
This is just a classic phishing scam and readers are advised not to click on links that they get over SMS, emails, WhatsApp, etc. Also, always check the URL of the website and see whether or not it is HTTPS.
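The two URL checks described above (HTTPS, and the same address as the official login page) can be automated for links found in a message. The following is an added example, not part of the original report; the sample messages and `example.test` hosts are constructed, and the only real value is the official hostname quoted in the article. It compares the parsed hostname exactly, because a link can contain the official name and still point elsewhere.

```python
import re
from urllib.parse import urlsplit

# From the article: the genuine login page is
# https://retail.onlinesbi.com/retail/login.htm
OFFICIAL_HOST = "retail.onlinesbi.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def check_url(url):
    """Return the reasons a URL fails the checks (empty list = passes)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["URL cannot be parsed"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # Anything before '@' is login info, not the site being visited.
        reasons.append("text before '@' is not the host")
    if host != OFFICIAL_HOST:
        # Exact comparison: a substring match would accept lookalikes.
        reasons.append(f"host is {host!r}, not {OFFICIAL_HOST!r}")
    return reasons


def scan_message(text):
    """Map every URL found in a message to its list of failed checks."""
    urls = (u.rstrip(".,)") for u in URL_RE.findall(text))
    return {u: check_url(u) for u in urls}


# Constructed sample messages; example.test hosts are placeholders.
SAMPLE_SMS = [
    "Your SBI KYC has expired. Update: http://sbi-kyc.example.test/login",
    "Log in at https://retail.onlinesbi.com/retail/login.htm.",
    "Verify: https://retail.onlinesbi.com@kyc.example.test/retail/login.htm",
    "Verify: https://retail.onlinesbi.com.example.test/retail/login.htm",
]

if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        for url, reasons in scan_message(sms).items():
            print("OK  " if not reasons else "FLAG", url, reasons)
```

Passing these checks only shows that a link points at the official host over HTTPS; HTTPS on any other host says nothing about who runs the site.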