“Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers informed.
The research team came to a conclusion that the campaign is pretended to be launched from State Bank of India but hosted on the third-party domain instead of the official website www.onlinesbi.com, which makes it more suspicious.
The overall layout of the web page used in the campaign is kept similar to the official SBI net banking site to lure the users.
The SBI was yet to react to the report.
In the second case of luring users to win attractive free gifts, the team found that the WhatsApp message also redirects the user to a link.
“On the landing page, a congratulations message appears with an attractive photo…