Hacker Alert in India: Hackers may use National portal URL to trick users into sharing sensitive info
Cyber-security researchers on Thursday said they have discovered an “unprecedented, sophisticated” phishing method that has been targeting government websites across the world, including the Indian government portal, to extort the affected users.
The threat actors have been targeting the Indian government portal, using a bogus URL to trick users into giving up sensitive details such as credit card numbers, expiration months and CVV codes, according to AI-driven cyber-security firm CloudSEK.
Hackers are imitating the browser window of the Indian government website, most often SSO (single sign-on) pages, with a unique login, in an advanced phishing technique known as a Browser-in-the-Browser (BitB) attack.
BitB attacks imitate legitimate sites in order to steal user credentials as well as other sensitive data, such as personally identifiable information (PII).
The new URL that pops up as a result of the BitB attack appears legitimate.
“The bad actors have also replicated the original page’s user interface. Once their victims click into the phishing page, a pop-up appears on the phone window claiming that their system has been blocked, posing as a notification from the Home Affairs Enforcement and Police,” the researchers claimed.
The users are then notified of their excessive use of pornographic websites, which is illegal under Indian law, and are asked to pay a fine of Rs 30,000 to unlock their system.
“They are given a form to fill out in order to pay the fine, which asks them to divulge personal details, including their credit card details. The victims become panicked because the warning has a sense of urgency and appears to be time-bound,” the researchers said.
Once the attackers get the card details, they might be sold to others in a larger network of cybercriminals, or the victim could be extorted for more money.
The BitB attack begins when users attempt to connect to a website and click on a malicious link that appears to them as an SSO login pop-up window.
When users visit the given link, they are prompted to log in to the website using their SSO credentials. After that, the victims are sent to a bogus website that looks exactly like the SSO page.
The attack usually simulates single sign-on windows and shows fake websites that cannot be distinguished from the original page.
“Combine SSO with MFA (multi-factor authentication) for secure login across accounts, check for suspicious logins and account takeovers, and avoid clicking on email links from unknown sources,” the analysts advised.
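A defender-side check for the fake address bar described above, as an added example that is not from CloudSEK or the original article: a real pop-up's address bar is browser chrome and never part of the page, so a URL shown as ordinary page text with a host other than the one actually serving the page, next to credential or card fields, is a BitB indicator. The function names, field-name patterns and `example` hosts are assumptions, and the check is a heuristic that can flag benign pages.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_TEXT = re.compile(r"https?://[\w.-]+(?:/\S*)?")   # URL-looking visible text
SENSITIVE = re.compile(r"pass|card|cvv|cc-", re.I)    # assumed field-name hints

class BitBScanner(HTMLParser):
    """Collects URL-looking visible text and credential/card input fields."""
    def __init__(self):
        super().__init__()
        self.shown_urls, self.sensitive_inputs, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1          # text inside these is never rendered
        elif tag == "input":
            hint = " ".join(filter(None, (a.get("type"), a.get("name"),
                                          a.get("autocomplete"))))
            if SENSITIVE.search(hint):
                self.sensitive_inputs.append(hint)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.shown_urls += URL_TEXT.findall(data)

def bitb_indicators(page_url, html):
    """Return displayed URLs whose host differs from the real page host,
    but only when the page also asks for credentials or card data."""
    real_host = urlparse(page_url).hostname
    scanner = BitBScanner()
    scanner.feed(html)
    if not scanner.sensitive_inputs:
        return []
    return [u for u in scanner.shown_urls if urlparse(u).hostname != real_host]

# Constructed sample: an in-page "window" whose bar shows a government-looking URL
SAMPLE = """
<div class="window"><div class="bar">https://portal.example.gov.in/sso/login</div>
<form><input type="text" name="card_number"><input type="text" name="cvv"></form></div>
"""

if __name__ == "__main__":
    print(bitb_indicators("https://pay-fine.example.net/notice", SAMPLE))
```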