The link navigates the users to the landing page or fake website asking them to share the sensitive information of their account and card along with some personal details such as Mpin, CVV, expiry date, name, etc.
CyberPeace foundation, based in New Delhi, is investigating the matters with Autobot Infosec Private Ltd. according to the investigation, the data is collected and registered on the third-party platform under the SBI name.
The foundation said that SBI never interacts with the users via messages regarding their bank account details. It also added that any reputed banking institution or organisation will not use CMS technologies due to lower security and privacy policies.
The report states that the domain name is traced to Tamil Nadu, India. Additionally, the form also doesn’t use any basic validation of data types when it comes to taking inputs from users. This means that the number field can accept text input as well instead of numerical values.
The form is prepared without any validations or necessary data structure.