Hacker Alert in India: Hackers Can Use National Portal URL to Trick Users into Sharing Sensitive Information
Cybersecurity researchers said on Thursday they discovered an “unprecedented and sophisticated” phishing technique that targeted government websites across the world, including the Indian government portal https://india.gov.in, extorting affected users.
Threat actors targeted the Indian government portal using a fake URL to trick users into submitting sensitive information such as credit card numbers, expiration months and CVV codes, according to the AI-powered cybersecurity firm CloudSEK.
Hackers mimic the browser window of the Indian government website, most commonly single sign-on (SSO) pages, in an advanced phishing technique commonly known as a Browser-in-the-Browser (BitB) attack.
BitB attacks mimic legitimate sites in order to steal user credentials as well as other sensitive data, such as personally identifiable information (PII).
The new URL displayed as a result of the BitB attack looks legitimate.
“The bad actors also replicated the user interface of the original page. Once their victims clicked on the phishing page, a pop-up appeared on the fake window claiming that their systems were blocked, impersonating a notification from police and Home Affairs Enforcement,” the researchers said.
Users are then notified of their excessive use of porn websites, which is illegal under Indian law, and are asked to pay a fine of Rs 30,000 to unlock their systems.
“They are given a form to complete in order to pay the fine, which asks them to disclose personal information, including their credit card information. Victims are panicking as the warning has a sense of urgency and appears limited in time,” the researchers said.
The information victims enter into the form is transferred to the attacker’s server.
Once the attackers obtain the card information, it can be sold to other buyers in a wider network of cybercriminals, or the victim can be extorted for additional money.
The BitB attack begins when users try to log in to a website and click on a malicious link that appears to them as an SSO login popup.
When users visit the provided link, they are prompted to log in to the website using their SSO credentials. After that, victims are sent to a fake website which looks exactly like the SSO page.
The attack typically mimics single sign-on windows and displays fake websites that cannot be distinguished from the original page.
“Combine SSO with MFA (multi-factor authentication) for secure login across all accounts, check suspicious logins and account takeovers, and avoid clicking on email links from unknown sources,” the researchers suggested.