State Bank of India Warns Customers of WhatsApp Scam
State Bank of India, one of India's largest state lenders, is warning its users about a certain WhatsApp message that might trick them into sharing sensitive account details.
In a post on Twitter, the bank warned customers about receiving fake messages asking them to share sensitive financial credentials.
"The Bank is aware of certain messages being circulated/forwarded via WhatsApp and social media, to the effect that our esteemed customers are getting messages advising about an OTP (One-Time Password) in respect of a transaction not purported to have been originated by the miscreant," the SBI notice read.
An App Diverts OTP to Scammer’s Phone
The New Indian Express reported how the fraudsters exactly dupe SBI customers via WhatsApp:
It is said that the scammers call the victims and convince them to upgrade their debit/credit card. Once they agree to upgrade, they are asked for their card number, CVV number and the expiry date of the card – all information that makes an online transaction possible.
Thereafter, the scammers send a link via SMS or WhatsApp and customers are asked to click on the link to complete the upgrade.
Once the app is downloaded on the user's phone, the "upgradation" process is complete.
With all the details of the customer's card and access to the OTPs that the bank usually sends to the customer's phone, the scammer is able to make transactions on his will.
In its warning on Twitter, SBI said that nobody can access an account without the successful validation of the two-factor authentication. However, the process of sending an OTP on the phone number is exactly what two factor authentication is – verifying with phone number. If The New Indian Express report is believed to be true, scammers have bypassed the two-factor authentication.
The bank further warned that customers should not share their details with anyone on the phone.
It is appalling how even after all the warnings from banks and well-wishers alike, that a bank would never ask for card details over the phone, fraudsters are still able to easily dupe customers.
(With inputs from The New Indian Express)