Do not fall for SMSes asking for KYC updates, they could steal your banking credentials: CERT-In issues warning

Cybercriminals have found a new modus operandi. They are posing as banking professionals and are targeting unsuspecting customers with a new type of phishing attack using the ngrok platform. The Indian Computer Emergency Response Team or CERT-In has issued a notice warning all Indians about this new scam. These phishing attacks are being carried out to get sensitive information from unsuspecting users like their internet banking credentials, phone numbers, one-time passwords, etc.

“It has been observed that Indian banking customers are being targeted by a new type of phishing attack using ngrok platform. The malicious actors have abused the ngrok platform to host phishing websites impersonating the internet banking portals of Indian banks. Using these phishing websites, malicious actors are collecting sensitive information of the customers like Internet Banking credentials, mobile number, One Time Password(OTP), etc. to perform fraudulent transactions,” CERT-In noted.

With most of our transactions happening online these days, it is very important to keep our online banking credentials extra protected. And these are the exact things the scammers are trying to steal. As CERT-In explained, scammers are sending SMSes embedded with phishing links to users, and most of these links end with ngrok.io. The message sent usually asks you to update your KYC following the link and warns you that if you don't do it, your bank account will be suspended. The message essentially prompts you to click on the link and proceed.

Many people are likely to fall for these messages because very often they will not check the source of the message or pay attention to the details. The first instinct for most people would be to fix the issue to save their accounts from getting suspended and this is exactly what the cybercriminals are counting on.

The very moment a user clicks on the URL provided with the message and logs into the phishing website using their internet banking details, they receive an OTP on their devices which makes the whole procedure seem legit. Then when the OTP is used on the website, scammers capture this information (the banking credentials and then the OTP) and use this to bypass the two-factor-authentication (2FA) on the legitimate banking account and make fraudulent transactions.

CERT-In has mentioned in its advisory that people need to be extremely careful about messages and emails like these. Importantly, messages that are legitimately sent by the bank usually contain a sender ID which is the bank's name or a shortened version of it. The fraud messages come from sender IDs that are phone numbers or bank names with tiny, negligible errors that are very easy to miss. This is one thing you need to carefully check. Another thing to pay attention to is the language of the text in the message/email. Messages sent by fraudsters are usually grammatically incorrect and are not written in a proper format, a stark contrast from the professionally worded correspondence you'd expect to receive from your bank.

If you receive a request to update or verify your KYC on your email or SMS, be very careful and check it cautiously before you click on any link.