Phishing Websites Stealing Information From Customers of 26 Indian Banks, Claims FireEye

Advertisement
By Indo-Asian News Service | Updated: 2 December 2016 16:58 IST

Researchers from US-based cyber security company FireEye have claimed discovering malicious phishing websites created by cybercriminals that spoof 26 Indian banks to steal personal information from customers.

FireEye identified a new domain (csecurepay[.]com) that was registered on October 23 this year and appears to be an online payment gateway but actually is a phishing website that leads to the capturing of customer information from 26 banks operating in the country, the company said in a statement on Thursday.

Advertisement

In this phishing attack, victims are asked to enter their account number, mobile number, email address, one time password (OTP) and other details. Once the information is collected, the website displays a fake failed login message to the victim.

The phishing site served fake logins from 26 banks, including HDFC Bank, ICICI Bank, IDBI Bank, State Bank of India, among others.

Advertisement

This is how it works. When navigating to the URL, the domain appears to be a payment gateway and requests that the user enter their bank account number and the amount to be transferred. The victim is allowed to choose their bank from a list.

In the next step, the malicious website requests the victim to enter their valid 10-digit mobile number and email ID which makes the website appear more legitimate.

Advertisement

"The victim will then be redirected to the spoofed online banking page of the bank they selected and are requested to login," FireEye said.

After entering their login credentials, the victim will key in their OTP and once all the sensitive data is gathered, a fake failed login message such as "Some error occurred. Try after some time" will be displayed to the victim.

Advertisement

"Criminals follow the money and as more Indians embrace online banking, criminals followed them online. As the digital economy grows, consumers should be aware of the risks that accompany the convenience," noted Vishak Raman, Senior Director for India and Saarc at FireEye.

Using the registration details of this domain, FireEye security researchers identified a second domain (nsecurepay[.]com) registered by the same attacker in August 2016 and appeared to be created to steal credit and debit card information, including ICICI, Citibank, Visa and MasterCard and SBI debit card details.

"The ease of online payments opens new avenues for criminals to trick consumers into divulging their own sensitive banking information. The growing sophistication of these cyber criminal campaigns makes them harder for consumers to identify and firewalls and antivirus technology do not stop these attacks," Raman added.

FireEye said it has notified the Indian Computer Emergency Response Team (CERT-In), which is under the Ministry of Electronics and Information Technology, about the threat.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: OTP, Phishing, Internet, FireEye
Advertisement

Related Stories

Popular Mobile Brands
  1. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  2. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  3. Lava Virat V1 5G, Virat V1 Key Specifications Confirmed Before India Launch
  4. Here's How Much the iQOO Z11 Lite Could Cost in India
  5. Here's When the Poco M8 Power, Poco X8 Could Launch in India
  6. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  7. Redmi Note 17 Pro Global Variant Appears on NBD Database Alongside Poco Model
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.