SaaS products being abused to scam bank customers

About two weeks ago, Kotak Mahindra AMC MD Nilesh Shah posted a tweet tagging HDFC Bank, asking it to act against two messages that he received on his mobile phone. “@HDFC Bank @HDFCBank_Cares, these two messages looks like fraudsters trying to steal data…,” he said.

The messages were from two separate mobile numbers and asked the user to click on a shortened URL. Mobile messages like these have become increasingly common.

In 2022, various freemium SaaS (software as a service) platforms were abused by scammers to conduct phishing campaigns targeting popular brands like Amazon and Netflix, a recent study by CloudSEK, authored by Anshuman Das, said. The majority of these phishing campaigns were aimed at Indian BFSI customers, the report added.

“Involvement of SaaS platforms in phishing campaigns has accelerated immensely. However, this growth was distributive. While services such as reverse tunnelling were constantly exploited throughout the year, other platforms such as Firebase Hosting and A2 Hosting were more actively exploited in the second half of 2022,” the report said.

Reverse tunnelling and URL shortener platforms allow scammers to host phishing pages from their local machines and generate random URLs that cannot be detected by regular domain name scanning services, the report said. URL shorteners further obfuscate these URLs and help them avoid detection, it added.

In 2022, CloudSEK analysed 300 such website domains, of which 40 were hosted using A2 Hosting’s temporary domain functionality and 260 were hosted using Hostinger’s preview domain feature, as per the report.

Das said “SaaS platforms provide services where users can go and create their own websites, but threat actors have started misusing them as they do not have to pay for domain. They have to pay little bit or no payment at all. This way they are able to create, in a matter of 10 minutes, a phishing website of target company.”

KV Karthik, partner at Deloitte India, says as per the Deloitte India Banking survey 2022, about 40% of the types of frauds can be attributed to digital and cyber-related issues. Mobile, internet banking frauds, identity and data theft, and phishing are currently the biggest concerns for the banks.

“While issues like Nigerian fraud has always been existing, now fraudsters are developing more advanced innovative solutions to trick users. One such methodology is the use of SaaS platforms,” he said, adding that while customers’ education is an important tool which banks frequently undertake, customers should also be careful whenever they receive a link.

Amit Das, founder and CEO of Think360.ai, says there is a sustained rise in creative phishing and impersonation techniques where scamsters pretend to be banks or payment companies, or even pretend to be someone we might know. “As several database breaches happen, users’ data is available for harvesting and fraud. Lately, we have seen the abuse of the telemarketing codes as well, which suggests that scamsters are running large rackets,” the CEO said.

He added that shortened links are the easiest way of making unsuspecting users land on a lookalike phishing site. “This has started becoming the most common fraud method. These links are sent from very identical looking sender number or email ids, making people fall prey.”

A mid-sized private sector bank chief told FE that while certain messages with links similar to those of banks are being tried, it is not up to the extent of SIM swapping yet. Advanced threat analysis and strong security operations centres (SOCs) need to be used by lenders and other companies to prevent frauds from occurring, they added.

Further, Das says that whenever any brand gets targeted, it needs to launch a campaign addressing the issues. Services like the Zoho platform post an alert in every online form that seeks the user’s CVV or bank card details, a practice which other form service companies should follow, he said. “Platforms should also ban certain pages from being created, say of official banks or companies,” he added.

First published on: 09-03-2023 at 02:45 IST