Rising Phishing Threats Target India’s BFSI Sector: Scammers Using Evolved Tactics to Steal Personal Information

 

Cybercriminals are constantly adapting their techniques to stay ahead of detection and maximize their gains from sensitive data. Recent trends suggest a departure from the use of brand logos and phishing website impersonation, especially within India's Banking, Financial Services, and Insurance (BFSI) sector.

Examining the Scam The Bolster Research team recently conducted a study that uncovered a series of phishing pages operating under a deceptive facade. These pages posed as legitimate Unified Payments Interface (UPI) Gateway and recharge service providers, enticing unsuspecting victims with promises of retail and dealership opportunities. However, beneath this veneer of legitimacy lay a sinister operation aimed at illicitly obtaining personal information, including email addresses, phone numbers, Permanent Account Numbers (PAN), and Aadhaar Card numbers.

The Consequences of Stolen Data The stolen data opens the floodgates to a wide array of fraudulent activities, including identity theft and financial fraud. It's essential to recognize the severity of the situation, as the consequences of such breaches can be devastating for individuals and organizations alike.

Also Read: Pune Couple's Organized Cyber Blackmailing Scandal Uncovered

Potential PAN and Aadhaar Card Scams Recent reports have shed light on several instances where scammers have been apprehended for the illicit acquisition and sale of PAN and Aadhaar cards belonging to numerous users. It is plausible that the exposed phishing campaign was one of the methods employed to facilitate these illegal activities. The potential for misuse of this sensitive information underscores the need for increased vigilance and cybersecurity measures.

A Shift in Phishing Tactics Traditionally, scammers relied on impersonating well-known brands, creating counterfeit websites adorned with logos and brand names to deceive their victims. These fake sites were often detectable using AI tools that analyzed logo patterns, text resemblances, or employed computer vision hashing. However, the latest wave of phishing campaigns signals a significant shift in tactics.

Rather than copying recognizable brands, threat actors are now adopting the guise of legitimate businesses. They employ persuasive tactics to convince users to divulge personal information, such as Aadhaar Card numbers, PAN numbers, business names, email addresses, and phone numbers. Armed with this information, fraudsters can launch manipulative social engineering attacks against individuals, making it imperative for users to exercise caution and stay informed about evolving cybersecurity threats.

In conclusion, the ever-evolving landscape of cyber threats in the BFSI sector demands heightened awareness and proactive measures. As cybercriminals continue to refine their methods, organizations and individuals must stay vigilant, employ robust cybersecurity practices, and be cautious when sharing sensitive information online.


Graphics explaning how the cam work - source Bolster

Graphics explaining how the cam work – image source: Bolster

 

The diligent research team at Bolster has unearthed several significant discoveries in the course of their investigation into phishing scams. Let's delve into these critical findings and learn how to safeguard ourselves against these ever-evolving threats.

Targeting Small Businesses and Local Vendors One of the most striking revelations from the Bolster research is that these scams primarily prey on small businesses and local vendors who are transitioning to digital transactions. Many of these victims lack familiarity with payment gateway services, making them vulnerable targets for cybercriminals.

Templates and Subscription Models The research uncovered a staggering 150 active phishing websites, all using one of three templates and offering similar services. These deceitful sites often operate on a subscription model, cunningly collecting personal information during the registration process. This information becomes a goldmine for cybercriminals.

Also Read: Cyber blackmailing case: Shatrughan's bail plea rejected

Similar to Previous Scam Campaigns Some of these fraudulent websites have ties to earlier scam campaigns, including the notorious Aadhaar printing scam and the UPI reward scam. The resemblance between these scams underscores the adaptability of cybercriminals in repurposing their malicious tactics.

Unmasking Phishing Kits The Bolster research also shed light on the existence of a phishing kit employed to create specific phishing websites. These kits streamline the process of crafting deceitful online platforms to deceive unsuspecting victims.

Varieties of Phishing Websites The investigation categorized phishing websites into three primary types:

  • Impersonating UPI Payment Gateway: These websites masquerade as legitimate UPI payment gateways, offering services such as webhook integration, UPI transactions, and bank transactions under a subscription-based model.

  • Impersonating UPI123: These deceptive sites initially do not request personal information but later demand payment for subscriptions, luring victims with false promises.

  • Using Trusted Brand Names: Certain phishing websites cunningly employ the names of renowned UPI wallet and gateway vendors to gain the trust of their victims, further complicating the identification process.

Protecting Against Phishing As phishing techniques continue to evolve, it is imperative to implement effective strategies to safeguard against these insidious threats:

  • Guard Your Sensitive Information: Never share your Aadhaar number, whether it's the 12-digit or 16-digit virtual version, and your PAN number with unfamiliar or unauthorized parties.

  • Specify Purpose and Date: When providing photocopies of your Aadhaar and PAN, always specify the purpose and date on the copies, and ensure they are self-attested. This simple precaution can help deter identity theft.

  • Secure Your Aadhaar: Take advantage of the Aadhaar Lock/Unlock feature available at https://myaadhaar.uidai.gov.in/. This allows you to generate a 16-digit virtual ID and lock/unlock your Aadhaar details, providing an extra layer of security.

  • Register Contact Information: Make sure your mobile number and email ID are registered with UIDAI. This will enable you to receive notifications of any Aadhaar verification attempts, allowing you to stay vigilant against potential misuse.

  • Official Updates Only: For any updates or changes to your personal details in Aadhaar and PAN, only approach an official Aadhaar and PAN enrollment center. Avoid falling prey to unauthorized sources claiming to provide these services.

In today's age of rapidly evolving cyber threats, vigilance and caution serve as our strongest defenses against falling victim to these sophisticated phishing campaigns. It is essential for individuals and businesses alike to stay informed and proactively take measures to safeguard their sensitive data. Stay safe and stay cyber-aware!

Source: https://www.the420.in/cybercriminals-adopt-stealthy-tactics-india-bfsi-sector/



Comments

Post a Comment

Popular posts from this blog

From China to Agra: 27 Illegal Cricket Betting Sites Shut Down in Major Operation, Full Detail Inside

Image
  In a commendable display of proactive law enforcement, the Cyber Cell in Agra has successfully taken down a web of copyright violations, illegal online gambling, and betting activities. This operation has resulted in the blocking of 27 illicit websites engaged in betting and online gaming, safeguarding approximately 15 lakh Indians from potential fraud. Moreover, it has prevented an estimated Rs 38 thousand crores from being transferred to foreign shores, primarily China. Unveiling the Operation The roots of this operation can be traced back to a complaint filed by Hotstar India Company. The complaint highlighted unauthorized copying of live content, live games, third-party apps, and more. These infringements were made possible through the download and dissemination of the content via various web portals and foreign servers, including those in China, Vietnam, Philippines, and Russia. Uncovering the Extent of Fraud As the investigation delved deeper, it revealed a sprawling networ...
Read more

Cybercrime in Nagpur - Cyber Blackmailer Couple Arrested in Pune for Extorting Money

Image
A sensational case of  cyber black mailing  and cheating has come to light in the city.  In this case registered at Pratap Nagar police station, the police have arrested 3 including the main accused IT professional husband and wife from Pune. Arrested accused includes Shatrughan Singh Tangral and his wife Manjusha along with Rahul Satyendra Jha, all three are residents of Pune. It is alleged that he stole source code and client's data from the director of a company based in Nagpur in the last 5 years and blackmailed them with rigging of about 9 crores. Police have booked a total of 12 people under various sections of cybercrime including cheating and blackmailing threats etc. Probably this is the first case of cyber blackmailing in the city.   Loot of 9 crores in 5 years All the three accused were produced in the court on Friday from where they were sent to police custody for 4 days. The prosecution argued that, the accused are highly educated and are tricksters. If ...
Read more

Kashmiri Brother-in-Law could not show Kamal, and pressure on Nagpur police failed

Image
  The City Exelon Software Private Limited Company in Nagpur has been rocked by a case of cyber blackmailing , source code and data theft, and software rigging that has left its director, Vinod Kumar Tambi, reeling. The accused parties include Pune resident IT professional Shatrughan Singh Tangral and his wife, Manjusha, who are the main culprits in the case. It is alleged that they used Tambi's company's source code and data to form their own company and rigged bills worth crores. The couple was caught and arrested, but Shatrughan's brother-in-law, who is an inspector in the Jammu and Kashmir Police, arrived in Nagpur to save his brother-in-law. However, he has failed to make any headway with the Nagpur police, who are under pressure from the IPL lobby. It has come to light that Shatrughan and his wife Manjusha started forging documents and making fake bills by taking some IT professionals of Exelon along with them to benefit their private company. The couple made fake bil...
Read more