Several customers of the State Bank of India have started filing complaints of losing their account money. The incident, which started in late September 2021, is suspected to be caused due to a bank phishing attack. India’s Computer Emergenct Response Team (CERT-IN) has sent out a prudent alert to all SBI customers to take action to protect their internet banking credentials and other sensitive information. CERT-IN believes this sensitive data is being phished, allowing the hackers to steal money from SBI accounts.
Here are some contentions of the bank phishing attacks
Here we are detailing some of the complaints received from SBI customers. From what the victims have stated, you can understand their confusion and regret over losing the money in their account. It’s just a short step from this kind of emotion to a total loss of trust in the bank.
One of the victims has registered a complaint with the city cyber cell for having lost ₹65,000. Yet another SBI customer was unhappy with the sudden loss of ₹40,000.
In Thalassery, Kerala, one of the victims of this bank phishing attack parted ways with ₹38,000 from their SBI account. She received a link to a spoofed page where she provided her PAN number.
R. Pradeep Kumar, an administrator at an eyecare hospital, has reported that he lost money (amount unspecified) in spite of never sharing an OTP with a stranger or making an ATM transaction. “I have been unable to access the SBI Yono online application for the past two days. Since part of a loan amount for house construction got transferred to my account two days ago, I have been trying to check the balance. At around 2 p.m. on Saturday, I received several OTP messages in my phone, which was followed by a message showing that ₹20,000 was withdrawn. I soon called up the customer care to block the card, but by that time, the person had withdrawn a total of ₹65,000. From checks I conducted, I came to know that the money was withdrawn somewhere from Jharkand,” says Mr. Kumar.
He is deeply unsettled that someone broke the daily withdrawal limits to siphon off such a big account. Mr. Kumar says that there could be still more victims of the cyber fraud, who just aren’t aware of it because they don’t check their bank records more frequently.
K. Jibin, another victim of the bank fraud, works at the Secretariat. He too faced challenges in accessing SBI’s online banking application. He had received notice that he needed to update his KYC details immediately if he did not want his account to be blocked.
“I logged in to the link provided, which looked exactly like the SBI website, and provided my PAN number as asked. Within minutes, I got a message that ₹20,000 was withdrawn. By the time I called up and blocked the card, ₹20,000 more was withdrawn,” said Mr. Jibin.
Preventing such phishing attacks
SBI officials have notably not given any comment on the matter. But the devastating effect this series of attacks will have will drive down their reputation and business.
Please do be aware of all cyber fraud practices: do not share your PIN, OTP number or CVV number with anyone. Do not act or share details with any suspicious calls, message, email.
More IT and security resources and updates.