Hackers targeting Indians in tax-related frauds: Here’s how to stay safe – Times of India
India’s fiscal year ended on March 31 and people are now busy completing their tax returns. Researchers have warned that scammers are taking advantage of the situation and are targeting Indian account holders through tax-time smishing campaigns.
A smishing campaign is a fraudulent practice in which malicious text messages, purporting to be from popular Indian banks, are sent to users with an aim to trick them and get their personal information.
How scammers are targeting Indians
Researchers claim that they are monitoring a smishing campaign in which scammers are sending a text falsely claiming that the recipient’s bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.
According to a report by Sophos, these texts also include a link to an Android Package (APK) file. After clicking on the link, an APK is downloaded and installed. After installation, this APK opens fake (but lookalike) bank login pages to trick users.
“This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin,” the report said.
If the recipient enters any personal information, the data gets exfiltrated to a remote server owned by the attackers rather than the bank from which the text message is claimed to have been sent.
Additionally, the malicious APK also has the ability to read the contents of SMS texts when they are received, possibly to extract any OTP codes issued by the bank.
How to stay safe
Sophos said that users who receive an unexpected message “from their bank” or other service provider must reach out directly to the service provider by phone or through the provider’s legitimate, secured website.
Users must also refrain from clicking any links sent via text messages and avoid installing applications from untrusted sources.
A smishing campaign is a fraudulent practice in which malicious text messages, purporting to be from popular Indian banks, are sent to users with an aim to trick them and get their personal information.
How scammers are targeting Indians
Researchers claim that they are monitoring a smishing campaign in which scammers are sending a text falsely claiming that the recipient’s bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.
According to a report by Sophos, these texts also include a link to an Android Package (APK) file. After clicking on the link, an APK is downloaded and installed. After installation, this APK opens fake (but lookalike) bank login pages to trick users.
“This not only abuses recipients but the bank brands. The APK then tries to acquire the recipient’s login, password, debit card number, and ATM pin,” the report said.
If the recipient enters any personal information, the data gets exfiltrated to a remote server owned by the attackers rather than the bank from which the text message is claimed to have been sent.
Additionally, the malicious APK also has the ability to read the contents of SMS texts when they are received, possibly to extract any OTP codes issued by the bank.
How to stay safe
Sophos said that users who receive an unexpected message “from their bank” or other service provider must reach out directly to the service provider by phone or through the provider’s legitimate, secured website.
Users must also refrain from clicking any links sent via text messages and avoid installing applications from untrusted sources.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.