Hyderabad: Cyber fraudsters are apparently laying yet another trap to loot the public, especially those who have a savings account and debit card facility.
According to the police, messages are being sent to customers asking them to register on a website by clicking on a link. The fraudulent link guides the customer to a fake website where the card details are collected. Recently, several State Bank of India customers with debit and credit card facility received these phishing messages on their phones asking for personal details.
The message says the savings account and debit card will be suspended within a given date due to incomplete Know Your Customer (KYC) details.
“The message further says to reactivate the bank account; the full KYC needs to be updated. To stay updated with your transactions, register now. The message ends with a link,” said Sunny, a private employee from Chikkadpally. When the link is clicked on, the customer is directed to another tab which asks for card details including the card number, CVV (Card Verification Value) code and date of birth. “These gangs are so professional that with their tactics including sweet talk, claiming to provide easy loans, debit card blockage, obtain the CVV code and then loot the customers,” said a cybercrime official from Hyderabad.
These fraudsters use phishing and pharming techniques to fraudulently obtain confidential information of the user. While in phishing, they entice a user to the website through a bait, maybe in the form of a phone call or email or a link, pharming re-directs users to the bogus website even if they have typed the correct web address, officials said.
According to the Hyderabad Cybercrime police, cyber criminals set up a fraudulent website that contains copies of pages from a genuine website in order to capture confidential information from users. By hacking into the internet’s DNS (Domain Names System) servers and changing IP (Internet Protocol) addresses, users are automatically redirected to the fake website, at least for some period of time until the DNS records can be restored.
The bogus site could collect usernames and passwords or using some pretense request seeking additional financial information. The user’s complete personal data is stolen, officials said. When contacted, the SBI officials denied sending such messages to their customers and cautioned cutomers against falling prey to such frauds. “No bank executive calls or sends messages to customers seeking their personal details online,” they said adding customers can use the SBI Card mobile application to prevent being looted instead.