As the fiscal year in India ended on March 31, many people are working on their tax returns. Unfortunately, scammers are taking advantage of the situation by targeting Indian account holders through tax-time smishing campaigns, according to researchers.
What is Smishing?
Smishing (SMS phishing) is a scam in which malicious text messages, here claiming to be from well-known Indian banks, are sent to users to trick them into giving up their personal information.
How are Scammers Targeting Indians?
Researchers are currently tracking a smishing campaign in which scammers send texts claiming that the recipient's bank account will be blocked and telling them to update their PAN and Aadhaar card information. These texts also contain a link to an Android Package (APK) file, which is downloaded and installed when the link is clicked. Once installed, the app opens spoofed bank login pages to fool users.
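The traits of this campaign (a threat that the account will be blocked, a request to update PAN or Aadhaar details, and a link to an APK file) can be checked mechanically by a message filter. The Python code below is an added example, not the researchers' code; the patterns, verdict names and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Traits come from the campaign described above; the regexes are assumptions.
BLOCK_THREAT = re.compile(r"\b(block(ed)?|suspend(ed)?|deactivat(ed|e))\b", re.I)
ID_UPDATE = re.compile(r"\b(pan|aadhaa?r)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def apk_links(text):
    """Return URLs in the message whose path points at an Android package."""
    hits = []
    for raw in URL.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        if urlparse(url).path.lower().endswith(".apk"):
            hits.append(url)
    return hits


def triage(text):
    """Return (verdict, indicators) for one SMS body."""
    indicators = []
    if BLOCK_THREAT.search(text):
        indicators.append("account-block threat")
    if ID_UPDATE.search(text):
        indicators.append("PAN/Aadhaar update request")
    if apk_links(text):
        indicators.append("direct APK link")
        verdict = "quarantine"  # sideloaded app offered by SMS: enough on its own
    elif len(indicators) == 2:
        verdict = "review"      # pressure plus ID request, but no installer link
    else:
        verdict = "pass"
    return verdict, indicators


# Constructed sample messages (not real campaign text; example.invalid is a placeholder).
SAMPLES = [
    "Dear customer, your account will be blocked today. Update your PAN card: http://example.invalid/bank/update.apk",
    "Your a/c will be suspended. Update Aadhaar at your branch.",
    "Your OTP is 482913. Do not share it with anyone.",
    "Download statement: https://example.invalid/app.APK?id=7.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms), "<-", sms[:50])
```

The check on the URL path rather than the raw string catches links that carry a query string or mixed-case extension after the `.apk` file name.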
What are the Risks?
This hurts not only recipients but also the banks' brands. The APK attempts to obtain the recipient's login, password, debit card number, and ATM PIN. If the recipient enters any personal information, the data is exfiltrated to a remote server owned by the attackers rather than to the bank that supposedly sent the text message. The malicious APK can also read SMS messages as they are received, possibly to extract any bank-issued OTP codes.
How to Stay Safe?
Users who receive an unexpected message “from their bank” or from another service provider must contact the service provider directly via phone or the legitimate, secured website of the service provider. Clients should also abstain from clicking any links sent via text messages and avoid installing applications from untrusted sources.
Here are some tips to prevent falling victim to smishing campaigns:
Be cautious of unexpected messages:
If you receive an unexpected message claiming to be from your bank or any other service provider, do not trust it blindly. Instead, contact the service provider directly through their legitimate, secure website or customer support phone number to verify the message’s authenticity.
Do not click on links:
Never click on any links sent through text messages, especially if they are from unknown sources. These links can contain malicious software that can harm your device or steal your personal information.
Do not install apps from untrusted sources:
Only install apps from trusted sources such as Google Play Store or Apple App Store. Installing apps from untrusted sources can lead to malware infections or unauthorized access to your device.
Use two-factor authentication:
Enable two-factor authentication (2FA) for all your online accounts, especially your banking and financial accounts. This adds an extra layer of security and makes it harder for attackers to gain access to your accounts.
Keep your software up to date:
Keep your phone’s operating system and apps up to date with the latest security patches. This helps prevent attackers from exploiting known vulnerabilities in older versions of software.
By following these simple tips, you can significantly reduce the risk of falling victim to smishing campaigns and other types of cyber scams.