More HDFC Bank customers have reported incidents of phishing attacks in recent days as the social media outcry over these attacks mounts. Since the last week of February, many HDFC Bank customers have reported these incidents to the authorities after receiving phishing SMSes.
It has emerged that they may have now adopted a new modus-operandi to step up their game—donning the role of a protector. They are sending phishing links disguised as a verification process to fortify cybersecurity measures.
Earlier, they had warned people about their bank accounts being suspended and to update their know-your-customer (KYC) or PAN number through a link sent through an SMS before reopening them.
New Method Of Fraud
Fraudsters have created a fake HDFC Bank website, with a phishing link disguised as a verification process. The link is now being sent to HDFC customers.
Manoj Nagpal, the CEO of Outlook Asia Capital, has alerted about this threat on Twitter, with photos of the emails he received. Many other customers have also reportedly received similar messages. Nagpal has advised people not to click on the links sent through emails and SMSes.
Interestingly, when Nagpal and other customers reported this new fraud, two Twitter handles impersonating HDFC Bank and the @HDFCBank_Cares account immediately responded by asking them to contact a "secondary number". These handles are also fake, indicating the speed at which fraudsters operate. 669
“This is amazing, two fraud handles have already responded to the tweet asking for more details,” Nagpal said. The HDFC Bank subsequently clarified that these handles are not theirs.
Last week, hackers reportedly uploaded 7.5 GB of loan data of the HDFC Bank’s NBFC arm on the dark web. The HDFC Bank NBFC arm confirmed the data leak.
Meanwhile, to clear customer concerns, the bank said its messages would come only from its official IDs, hdfcbk and hdfcbn, placed under http://hdfcbk.io. “Remember, the bank will never ask for PAN details, OTP, UPI, VPA / MPIN, Customer ID & Password, Card No, ATM PIN & CVV. Please do not share your confidential details with anyone,” the bank said.
In 2021-22, commercial bank data showed that around Rs 128 crore Indians were victims of fraud related to ATM/Debit cards, credit cards, and Internet banking.
Hence, check the sender’s identity before acting on any SMS request, report any doubtful SMSes, or confirm bank alerts with the bank manager to avoid online fraud.
Online banking should be protected by two-factor authentication. You must enter your password and OTP each time you access your account. A fingerprint can even be used as a second password. Do not click on unidentified links and delete such messages.