Face Verification
Address Verification
Document Verification
Age Verification
Video KYC
Fast ID
eIDV
NFC Verification
Consent Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
Behavioural Biometrics
Device Fingerprinting
MFA
AML Screening
Business AML Screening
User Risk Assessment
Transaction Screening
Adverse Media Screening
Identity Verification
KYC
KYB
KYI
Bonus Abuse
Banking
Crypto
Fintech
Forex
Gaming
Gig Economy
Marketplace
Social Networks
Product Managers
Compliance Officers
Fraud Analyst
Global Trust Platform
Journey Builder
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
Blind Spot Audit
Deepfake Detection
Liveness Spoofs
Document Originality
Document Deepfake
Events & Webinar
Interactive Demo
Podcast Studio
Spotlight Studio
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Compliance
Supported Document
About
Career
Press Release
Certifications
Partnership
Awards
Phishing Scam affects thousands of Banking App users
Thousands of customers have been exploited by a fake mobile banking app. The customers were sent phishing scam messages by the application to trick them into giving up their login details. According to Cybersecurity researchers at Lookout, the campaign is based around a text message which attempts to maneuver the victim into visiting false websites claiming to be those of the famous United States and Canadian banks.
Nearly 4000 people have been reported to fall victim to the malicious links that were part of the phishing campaign. The process works by notifying the users that the bank’s security system has identified unusual activity on the user’s account, thereby prompting them to open a unique URL, followed by extracting valuable information and data from the user.
Although the scammers behind the attacks are not aware of the bank their potential victim is a customer of, they manage to send enough messages with the names of different banks to enough users, that some of the banks coincidently match with the right customer. Some of the customers follow the harmful link, leading to a fraudulent website that has a design similar to their bank’s original website.
Not only will the spoofing website extract sensitive data such as username and password from the user, but also ask other relevant security questions to confirm their identity such as asking for their card’s expiry date or double-checking the account number. This is to ensure that the fraudsters are well-equipped with all the information needed to steal the user’s account details. The account information can then be used to either make false transactions with the victim’s money or potentially to sell sensitive data to underground forums.
Apurva Kumar, the staff security intelligence engineer at Lookout stated that the campaign showed them how convenient it was for a less computer-savvy person to get involved in phishing by gaining access to an off-the-shelf phishing kit. Using the kit, The attacker can easily target potential victims in large numbers via text messages and track performance with the simple user interface.
Lookout has informed all the banks that were affected by the malicious campaign and all of the phishing sites have been closed down. But there are still chances of such occurrences in the future. In order to effectively protect oneself from such attacks, one should be aware of the links sent to their mobile phones, whether through email or text message. One should instead develop the habit of proceeding to a login screen using a bookmarked link or the official website of a service they want to use rather than blindly following a unanimous link.
