The messages also include a link that is navigated to the fake page of income tax e-filing. As per the New Delhi-based CyberPeace Foundation investigation, the hackers are targeting the users from the bank ICICI, State Bank of India, Punjab National Bank, Axis Bank, and HDFC. The foundation is working with firmAutobot Infosec that offers cybersecurity services.
The suspicious links are generated from France and the US that are collecting personal information and sensitive data of users. This trap can cause a huge financial loss for users. However, the link has no domain name or link with the Indian government. The IP addresses that are included are from third-party cloud hosting providers.
The plain HTTP protocol is used in this campaign that represents that is not a secure network and can be easily intercepted. Users are asked to download the application from a third-party source that will ask for unnecessary permission to access the device.
Users will be redirected to http://204.44.124[,]160/ITR that will look similar to the tax e-filing website. After the verification process, it will ask for sensitive information including PAN and Adhar number. Once the process is completed, users will be redirected to the fake banking login page asking for the password and username.
Hence, the hackers will have all the vital details about the users that will make it easy for them to hack into the account.