Phishing

My bank KYC is pending, and I got this phishing message. Coincidence or data leakage?


Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. [Learn more at Phishing.org]

Here’s the phishing incident I encountered today.

I have a savings account in HDFC bank, at one of the branches in my previous place of posting, Guwahati. As I’m no longer in Guwahati and since I need a new cheque book, I went to my nearest HDFC branch at my current location and submitted a request for transfer of my branch from Guwahati.

As per the procedure and as per the KYC norms, I was told by the bank staff that there will be an address verification on my current residence, which will be carried out by a third party that HDFC bank had outsourced for address verification and all.

As of today, my bank branch has already been transferred to the new requested branch, however, the KYC is pending.

And today, I got an SMS saying my account has been blocked due to KYC failure. The message contained a short link. When I clicked on the link, it took me to a page that looked a lot like an HDFC login page. At first, I thought it was true as my KYC is pending, and I thought that the verification team wasn’t able to verify my address and had accordingly reported to the bank and that the bank had blocked my account.

They were using a URL shortener, and clicking the link took me to the URL https://hdfcnetbanking-click.preview-domain.com/

However, when I opened the page and looked at the domain, I came to realize that it wasn’t a genuine HDFC domain name and that it was a phishing URL.

Being a concerned customer, I immediately reported it to HDFC by posting about it on Twitter. HDFC responded quickly and asked me to DM my contact number, which I did. I asked them to report the URL, as innocent people who are not tech savvy may fall for such a phishing attack.

At the time of writing this post, the said URL has been taken down and is now showing a 404 Page not found error.


I don’t know if HDFC reported the link and had it taken down. If that is the case, I appreciate HDFC bank for their quick response and for taking such security measures seriously.

Today’s experience makes me wonder if it was just a coincidence that I’m getting that phishing message (like many other phishing messages) or if my data is being leaked by a third party knowing that my KYC is pending. Knowing that my KYC is pending and sending such a phishing message will make the phishing more effective as the customers are aware that their KYC is pending.

I would like to believe that it’s just a coincidence. And I appreciate the quick response by HDFC bank.

But whatever it is, please stay alert, and don’t click on suspicious messages. If you get such messages, make sure you check the URL and verify the authenticity of the domain and URL.

For this case, I looked up the URL https://hdfcnetbanking-click.preview-domain.com/ on the Whois registry, and here’s what I got.


And this makes me realize that it’s a phishing website. In this case, the domain name is preview-domain.com and the subdomain is hdfcnetbanking-click. They are using the name hdfcnetbanking to make it look like it’s a genuine HDFC bank URL.
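The domain check described above, written out as an added example that is not part of the original post: it trusts a link only when its hostname is the bank's own domain or a subdomain of it, and flags hosts that merely contain the brand name. The genuine domain `hdfcbank.com`, the brand token list and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine registrable domain (not stated in the post).
GENUINE_DOMAINS = {"hdfcbank.com"}
# Brand strings whose presence in an unrelated host suggests impersonation.
BRAND_TOKENS = ("hdfc",)


def normalize_host(url: str) -> str:
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    if not url.lower().startswith(("http://", "https://")):
        url = "https://" + url  # links in SMS text often omit the scheme
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_under(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str) -> str:
    """Classify a link as 'genuine', 'lookalike', 'unrelated' or 'invalid'."""
    host = normalize_host(url)
    if not host:
        return "invalid"
    if any(is_under(host, d) for d in GENUINE_DOMAINS):
        return "genuine"
    # The brand appears, but the rightmost labels (the part that was
    # actually registered) belong to a different domain.
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://hdfcnetbanking-click.preview-domain.com/",  # URL from the post
        "https://netbanking.hdfcbank.com/",                  # assumed genuine
        "https://hdfcbank.com.example.net/login",            # constructed
        "https://example.org/",                              # constructed
    ]
    for s in samples:
        print(f"{classify(s):10} {normalize_host(s)}")
```

The comparison is anchored on the right-hand end of the hostname, which is why a brand name placed in a subdomain or hyphenated prefix never counts as a match.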

Also, take note that scammers will never show their identity and will always mask their identity while registering for domain names as can be seen above.

While checking the domain, make note of the domain age, when it was registered, and the registrant’s contact details. 99% of the scammers will hide their identity.

Compare the following Whois details of a genuine URL and a fake phishing URL.

While the genuine URL was registered back in 1997, the phishing domain was registered only in 2019. Also, the genuine domain has all the registrant contact details, while the registrant of the fake phishing domain had masked their identity.

Stay safe from phishing, and safeguard your hard-earned money.

You might also want to learn about this new phishing technique, ‘Browser In The Browser’ (BitB).

STAY SAFE!
