Fraudsters are using WhatsApp to dupe SBI customers: Here's how
India's biggest public lender, the State Bank of India, has issued a notice warning its customers about a potential WhatsApp scam. According to the bank's notice, fraudsters are trying to dupe unsuspecting customers by tricking them on the messaging platform. They are, apparently, fooling customers into giving away their confidential banking credentials and are stealing OTPs from their phones. Here's how this happens.
SBI warns to stay alert
SBI's notice, shared recently on Twitter, warns about 'certain' fake messages asking for banking details. "The Bank is aware of certain messages", the notice reads, "being circulated/forwarded via WhatsApp and social media, to the effect that our esteemed customers are getting messages advising about an OTP (One-Time Password) in respect of a transaction not purported to have been originated by the miscreant."
Here's exactly how the scam pans out
Though SBI's warning mentions the fake messages and their impact, it doesn't delve into the details of the scam. A report from The New Indian Express, however, explains this, noting that fraudsters basically social engineer their targets into giving away their card details. They promise an upgrade for credit/debit cards, and once the target agrees, they ask for their card number, CVV, and expiry.
Then, they send a link via WhatsApp
After taking confidential credentials that can be used to initiate a transaction, the fraudsters share a link with their target on WhatsApp to complete the upgrade process. This link, when clicked, downloads and installs a malicious app in the background. The installed program then keeps running in the background, diverting all messages received on the infected device, including OTPs, to the fraudster's server.
This gives them everything to carry out a transaction
Once OTP diversion starts, the fraudsters have everything they need to carry out a transaction. From here, they can initiate online transactions on different portals and wipe your account clean. Notably, because the scam hinges on the shared details and the WhatsApp link, SBI has asked its customers to verify the authenticity of WhatsApp messages and refrain from sharing banking details, including OTPs, with anyone.
You can warn SBI about suspicious activity
While not sharing account details is good enough to keep your bank account from being hijacked, SBI also has a toll-free number (1-800-111109) to report suspicious or fraudulent activity. If you notice something unusual in your bank account, such as a transaction you never made, report the incident immediately to the bank, which may investigate and get you a refund.