New Delhi: Scammers are targeting banking customers in India using a novel phishing attack to collect sensitive information such as internet banking credentials, mobile number and OTP to carry out fraudulent transactions, the country's cyber security agency has warned in its latest advisory.
The malicious activity is being carried out using the ngrok platform, a unique web application, it said.
"It has been observed that Indian banking customers are being targeted by a new type of phishing attack using ngrok platform."
"The malicious actors have abused the ngrok platform to host phishing websites impersonating internet banking portals of Indian banks," according to the advisory issued by CERT-In on Tuesday.
The Indian Computer Emergency Response Team or CERT-In is the federal technology arm to combat cyber attacks and guarding the cyber space against phishing and hacking assaults and similar online attacks.
Phishing denotes to the fraud when an attacker, masquerading as a trusted entity, tricks a victim into clicking evil links to steal passwords, login credentials and one-time password (OTP).
Using these phishing websites, the advisory elaborated, "malicious actors" are collecting sensitive information of the customers such as internet banking credentials, mobile number and OTP to perform "fraudulent transactions."
It said the phishing attacks have been seen to be triggered through SMSes containing links that end with ngrok.io/xxxbank.
The advisory explained this with a sample SMS.
"Dear customer your xxx bank account will be suspended! Please Re KYC Verification Update click here link http://446bdf227fc4.ngrok.io/xxxbank".
Once a victim clicks on this URL (universal resource locator) and log in to the phishing website using internet banking credentials, the attacker generates OTP for 2FA or two factor authentication which is delivered to the victim's phone number.
"The victim then enters this OTP in the phishing site, which the attacker captures," it said.
Finally, the attacker gains access to the victim's account using the OTP and performs fraudulent transactions, the advisory said.
The cyber security agency has suggested some "best practices" to nip these attacks in the bud, the most important being: "Look for suspicious numbers that don't look like real mobile phone numbers as scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number."