Today I came across a fraudulent email designed exclusively to carry out phishing attacks targeting several Indian banks, such as State Bank of India (SBI), Bank of India, Punjab National Bank, Union Bank, ING Vysya and many more. The email pretends to be from the Reserve Bank of India (RBI) and has the subject line “IMPORTANT ACCOUNT UPDATES AS A MATTER OF URGENT!!”
The attacker tries to create a sense of panic by stating that “During our (RBI’s) regular update and verification of the all Indian Online Banking Services we could not verify your current information. It is either your information has been changed or incomplete, as a result your access to use the bank services has been limited for online payments and transfers to prevent unauthorized usages.” This is followed by instructions to click on an “UPDATE HERE” tab in order to restore full ‘Online Banking access’.
Anyone who is convinced to click on the tab is taken to a fraudulent page that looks very similar to the official RBI page. The address of this page is as follows: “hXXp://allthemusic.org/plugins/plugins/cb_audio/includes/scripts/FILE112/index.html?bank=hXXp://rbi.org.gov”
At the bottom of this page, the names of several leading Indian banks are listed. Clicking on any of those links redirects the user to a fake page, which then asks the victim to provide online banking information such as card number, password, registered mobile number, etc. The following image shows the page that opens when one clicks on the SBI link:
Clicking on the ‘Submit’ tab sends all of the confidential information to the attacker. The page then redirects to the genuine bank website.
Quick Heal successfully blocks these fraudulent links and protects its users. Quick Heal’s anti-spam feature also blocks such emails from reaching users’ inboxes in the first place.
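In the landing-page address quoted above, the page is actually served from allthemusic.org; the RBI-looking address appears only as the value of the `bank` query parameter. The following added example (not part of the original post and not Quick Heal's code) separates the real host from such embedded lure addresses; the `TRUSTED_HOSTS` allowlist and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: hosts the reader treats as genuine; extend with your own banks.
TRUSTED_HOSTS = {"rbi.org.in"}

def refang(url):
    """Undo 'hXXp' / '[.]' defanging so the URL can be parsed (never fetched)."""
    return re.sub(r"^h[xX]{2}p", "http", url.strip()).replace("[.]", ".")

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def embedded_hosts(url):
    """Hosts of URLs carried inside query-parameter values (the lure text)."""
    hosts = []
    for _name, value in parse_qsl(urlsplit(url).query):
        inner = urlsplit(refang(value))
        if inner.scheme in ("http", "https") and inner.hostname:
            hosts.append(inner.hostname.lower())
    return hosts

def analyze(defanged_url):
    """Report the host that really serves the page and any look-alike lures."""
    url = refang(defanged_url)
    host = (urlsplit(url).hostname or "").lower()
    lures = [h for h in embedded_hosts(url) if h != host]
    return {
        "host": host,
        "trusted": is_trusted(host),
        "lure_hosts": lures,
        "suspicious": not is_trusted(host) and bool(lures),
    }

# The landing-page address quoted in the article, kept defanged in source.
SAMPLE = ("hXXp://allthemusic.org/plugins/plugins/cb_audio/includes/scripts/"
          "FILE112/index.html?bank=hXXp://rbi.org.gov")

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The check is a heuristic: legitimate redirect links also carry URLs in their parameters, so a hit on `suspicious` is a reason to inspect the real host, not a verdict on its own.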