BOOM

Trending Searches

    SUPPORT
    BOOM

    Trending News

      • Fact Check 
        • Fast Check
        • Politics
        • Business
        • Entertainment
        • Social
        • Sports
        • World
      • Law
      • Explainers
      • News 
        • All News
      • Decode 
        • Impact
        • Scamcheck
        • Life
        • Voices
      • Media Buddhi 
        • Digital Buddhi
        • Senior Citizens
        • Videos
      • Web Stories
      • BOOM Research
      • BOOM Labs
      • Deepfake Tracker
      • Videos 
        • Facts Neeti
      • Home-icon
        Home
      • About Us-icon
        About Us
      • Authors-icon
        Authors
      • Team-icon
        Team
      • Careers-icon
        Careers
      • Internship-icon
        Internship
      • Contact Us-icon
        Contact Us
      • Methodology-icon
        Methodology
      • Correction Policy-icon
        Correction Policy
      • Non-Partnership Policy-icon
        Non-Partnership Policy
      • Cookie Policy-icon
        Cookie Policy
      • Grievance Redressal-icon
        Grievance Redressal
      • Republishing Guidelines-icon
        Republishing Guidelines
      • Fact Check-icon
        Fact Check
        Fast Check
        Politics
        Business
        Entertainment
        Social
        Sports
        World
      • Law-icon
        Law
      • Explainers-icon
        Explainers
      • News-icon
        News
        All News
      • Decode-icon
        Decode
        Impact
        Scamcheck
        Life
        Voices
      • Media Buddhi-icon
        Media Buddhi
        Digital Buddhi
        Senior Citizens
        Videos
      • Web Stories-icon
        Web Stories
      • BOOM Research-icon
        BOOM Research
      • BOOM Labs-icon
        BOOM Labs
      • Deepfake Tracker-icon
        Deepfake Tracker
      • Videos-icon
        Videos
        Facts Neeti
      Trending Tags
      TRENDING
      • #Operation Sindoor
      • #Pahalgam Terror Attack
      • #Narendra Modi
      • #Rahul Gandhi
      • #Waqf Amendment Bill
      • #Arvind Kejriwal
      • #Deepfake
      • #Artificial Intelligence
      • Home
      • Boom Reports
      • Got A Strange Text From HDFC Bank?...
      Boom Reports

      Got A Strange Text From HDFC Bank? This Is How The Phishing Scam Works

      Over the past week, many HDFC bank customers have fallen victim to a phishing scam and lost money in lakhs. What is this scam?

      By - Kaisar Andrabi |
      Published -  7 March 2023 6:14 PM IST
    • Boomlive
      Got A Strange Text From HDFC Bank? This Is How The Phishing Scam Works

      Kartik Bhat, a resident of Shivneri Nath Pai Nagar in Mumbai was browsing his phone on February 26 when he received an SMS claiming to be from HDFC bank. The message said his account would be suspended if he didn't update his KYC information using a link provided in the message.

      It was Sunday and Bhat was due to pay his son's college fees the next day. Fearing that his account may be blocked which could delay the payment, he hastily clicked on the link. It landed him on a webpage that looked like HDFC bank’s online banking log-in page.

      Bhat proceeded to enter all his account information— his account number, net banking password, mobile number, as well as his PAN and Aadhar details. Within minutes, his entire account balance was wiped out.

      “Money transferred INR 15,975 from HDFC Bank account number to account number ****3920,” an SMS sent from the bank to Bhat read.

      Bhat was a victim of a phishing scam.

      Over the past week, many HDFC bank customers have fallen victim to this exact same scam. They have all received fraudulent text messages containing links that claim to update their KYC and PAN details. In Mumbai alone, more than 40 cases of money fraud have been reported in a week including a popular TV actor, Sweta Menon, NDTV reported.

      Once a customer clicks on the link, it takes them to a webpage that asks for account details. If the customer adds in those details, they get an OTP. Once the OTP is entered on the site, the fraudsters sweep away the money in the bank account. The phishing website has a different URL than HDFC's official website. The URL of phishing website was -- https://rb.gy/nhbb9g while HDFC's URL is https://www.hdfcbank.com


      Menon told media that she learned about the scam only after she lost some thousand rupees after filling details in the website that looked like an HDFC one. "I entered two OTPs after clicking the link. One was about PAN OTP and other was KYC. Immediately I received two money transfer notifications and I realized that it was a scam," she told TOI.

      Hey @HDFC_Bank @HDFCBank_Cares someone is trying to scam your customers by sending this message, Please look into it and deal with this scamster. pic.twitter.com/5vQ8hJIesI

      — Sanjay Jha (@SanjayJha) March 4, 2023


      Scam message trying to steal data! @HDFC_Bank @HDFCBank_Cares please look into it. Have been receiving multiple such messages. #hdfcbank #cybercrime pic.twitter.com/ntiiVnWfNX

      — Avni Raja (@avniraja) March 1, 2023

      How The HDFC Phishing Scam Works

      Phishing is a cybercrime in which fraudsters create replicas of official websites and then a target is contacted by email, SMS, or telephone to lure them into providing their personal information like banking information, card details, and password.

      In the parliament session in August 2022, the government informed parliament that over 9 lakh incidents of phishing and vishing were reported in India between 2020-22.

      Bhat was also asked to share all these details. And while he was filling it out, a beneficiary account was added to his account by sending him SMS that reads, “You have added/modified a beneficiary Kyc update to HDFC bank netbanking, for online transfer funds through NEFT/RTGS/IMPS.”

      The page next asked him to enter the OTP that he was texted. “I entered the OTP without realizing it was about money, all my money got debited,” he told BOOM.

      Bhat blames the bank for facing this fraud. A few days ago, he had gone to the branch to get his KYC updated. However, due to some technical glitch, the confirmation remained pending. “I would not have clicked the link if I would have been updated by the bank. I lost my money because of it,” he said.

      The KYC process is mandatory for bank customers to verify their identity and in recent years, fraud KYC cyber cases have witnessed a significant rise. Cyber cells record new cases of online fraud every day and try to solve them and recover money. In some cases, the criminals are tracked and the money is also recovered. In many instances, victims never get their money back.

      Speaking to BOOM, Shubham Singh, a cyber security expert who works closely with government investigation agencies said phishing scams are very prevalent in India because it is very easy to create any kind of fake website which will look similar to any official website. He said there are so many default grids available online to do so.

      “Cyber scammers use social engineering to manipulate people, especially in festival seasons by sending messages like KYC pending, offers, shopping sites, etc and all those links are phishing pages to get credentials of users,” he explained.

      Singh said cyber crimes are rising on a daily basis, and the law enforcement department is providing technical training to tackle them. “The main problem is that cybercriminals target people from different states because they know it's difficult for police to catch them by visiting their states,” he explained.

      What Are The Officials Doing?

      A senior official from HDFC bank, who wished to remain anonymous, said that they are unaware of how the fraudsters are operating the HDFC mirror website to deceive customers and extract money.

      “It is impossible to add anyone as a beneficiary before a period of thirty minutes and we have no idea how they are operating this mirror website. Instant money can only be deducted from a customer's account if they make an e-commerce transaction,” he said.

      Bhat reported his loss to the nearby Pant nagar police station and also informed his bank about the fraudulent transaction he had experienced.

      Madhu Chibber, the head of corporate communication at HDFC bank, told BOOM that the bank has been constantly advising its customers to be cautious of such fraudulent messages. She added that the bank never asks for any OTP or personal details from its customers, and its website is secure and cannot be breached. She further explained that these phishing websites only work if the customers themselves willingly share their personal information.

      To raise awareness among its customers, HDFC bank has established a team who shares videos and other information online to keep customers informed about such frauds. “We are working closely with government security agencies and have an internal security team that works with law enforcement to address such issues,” she said.

      Chibber explained that the fraudsters don’t target customers of HDFC bank only but other banks as well.


      According to Bhat, “When I checked where the amount was transferred, it showed that your money had been transferred to IDFC bank Kolkata branch VIP Road. It was a savings account. I tried to verify the name of the account holder but I couldn't get more details.”

      BOOM contacted the Pant nagar police station in Mumbai regarding Bhat's complaint. The Station House Officer said, “We have forwarded the complaint to Rudrapur's cyber cell and they are investigating the matter.”

      Tags

      #ScamPhishingHDFC Bank
      Read Full Article
      Next Story
      Our website is made possible by displaying online advertisements to our visitors.
      Please consider supporting us by disabling your ad blocker. Please reload after ad blocker is disabled.
      X

      Subscribe to BOOM Newsletters

      👉 No spam, no paywall — but verified insights.

      Please enter a Email Address
      Subscribe for free!

      Stay Ahead of Misinformation!

      Please enter a Email Address
      Subscribe Now🛡️ 100% Privacy Protected | No Spam, Just Facts
      By subscribing, you agree with the Terms & conditions and Privacy Policy connected to the offer

      Thank you for subscribing!

      You’re now part of the BOOM community.

      Or, Subscribe to receive latest news via email
      Subscribed Successfully...
      Copy HTMLHTML is copied!
      There's no data to copy!