Dissecting SBI netbanking clone Financial Fraud
- Author: Vinayak Ganapuram (@vinayakkg)
This post is an alert on Cybercrime.
Yesterday I received an SMS asking me to redeem SBI Rewards Points. Out of curiosity I opened the link in my desktop browser and found that it was a clone of SBI Netbanking. Upon digging further, I learnt that this website had 10 carefully designed pages looking to harvest Aadhaar card, PAN card, DOB, name, last 4 digits of the A/C no., et al. PDF of the screens attached.
A few observations:
- The first OTP entered always shows a failure and asks you to enter it again
- The OTP is asked for 6 times in total during the journey
- All important details are captured step by step

In short - this was designed not only to capture all personal details (for more such scams) but also to execute transactions with the 6 OTPs given. In the age of the internet, there is no need to rob at gunpoint: design such websites and send SMS to all (spray), and pray/wait till a few fall for it.
Let's not click any link from an SMS and fill in forms on sites claiming to be from a bank unless you are very sure.
Stay safe.
The reported site was shut down by cleverapps .io. However, the backend to which credentials were posted is still up. Posting it here for awareness.
Update: Hostinger has been kind enough to take down the backend.