Hacker Alert in India: Hackers may use National portal URL to trick users into sharing sensitive information
On Thursday, cyber-security researchers claimed to have found an “unprecedented, sophisticated” phishing tactic that has been extorting users of official websites around the globe, including the Indian government’s portal https://india.gov.in.
According to AI-driven cyber-security company CloudSEK, threat actors have been targeting the Indian government’s portal by using a fake URL to deceive customers into providing sensitive information such as credit card numbers, expiration months, and CVV codes.
Hackers are impersonating the browser window of the Indian government website, most frequently SSO (single sign-on) pages with a unique login, in a highly sophisticated phishing technique known as the Browser-in-the-Browser (BitB) attack.
BitB attacks imitate trustworthy websites to steal user credentials and other sensitive data, such as personally identifiable information (PII).
The new URL that appears after the BitB attack looks authentic.
The users are then informed that using pornographic websites excessively is against Indian law and asked to pay a fine of Rs 30,000 to unlock their computers.
The attacker’s server receives the data that the victims enter into the form.
Once the attackers get the card information, they may sell it to more buyers in a bigger cybercrime network or extort additional funds from the victim.
The BitB attack starts when users trying to access a website click on a malicious link that appears to them as an SSO login pop-up window.
Users are prompted to sign in to the website with their SSO credentials when they click the provided link. The victims are then directed to a fake website that closely resembles the SSO page.
The attack typically triggers single sign-on windows and displays phoney webpages that look exactly like the real thing.
The researchers advised users to “combine SSO with MFA (multi-factor authentication) for safe login across accounts, monitor for unauthorised logins and account takeovers, and refrain from clicking on email links from unknown senders.”
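A defender-side illustration of the fake window described above, added here as an example and not taken from CloudSEK's research: because a BitB "pop-up" is ordinary content drawn inside the phishing page, its address bar is just text, so a crawler or mail-gateway sandbox can flag pages that ask for secrets while displaying a URL whose host is not the host that actually served the page. The function names, the heuristic itself and the sample pages and domains are assumptions constructed for this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic (assumption): a text node that is only a URL is a drawn "address bar".
URL_ONLY = re.compile(r"https?://[\w.-]+(?::\d+)?(?:/\S*)?")
SECRET_AUTOCOMPLETE = {"cc-number", "cc-exp", "cc-csc", "current-password"}
SKIP_TAGS = {"a", "script", "style"}  # link text and code legitimately contain URLs

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.skip_depth = 0
        self.url_texts = []
        self.asks_for_secrets = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in SKIP_TAGS:
            self.skip_depth += 1
        elif tag == "iframe" or (tag == "input" and (
                attrs.get("type") == "password"
                or attrs.get("autocomplete") in SECRET_AUTOCOMPLETE)):
            self.asks_for_secrets = True  # an iframe may hold the form

    def handle_endtag(self, tag):
        if tag in SKIP_TAGS and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        text = data.strip()
        if not self.skip_depth and URL_ONLY.fullmatch(text):
            self.url_texts.append(text)

def find_fake_address_bars(html, page_url):
    """Return URLs shown as plain text whose host differs from the real page host."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    if not scanner.asks_for_secrets:
        return []
    real_host = urlsplit(page_url).hostname
    return [u for u in scanner.url_texts if urlsplit(u).hostname != real_host]

# Constructed samples; every domain is a placeholder.
BITB_SAMPLE = """<div class="win"><div class="bar"><span>https://sso.gov.example/login</span></div>
<form><input type="password" name="p"><input autocomplete="cc-number" name="c"></form></div>"""
BENIGN_SAMPLE = """<p>Help: <a href="https://help.example/">https://help.example/</a></p>
<form><input type="password" name="p"></form>"""
```

A hit is a triage signal rather than proof: pages that render their markup with scripts need the same check run against the rendered DOM.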