State Bank of India has warned its customers of frauds on request to redeem SBI credit points. The bank has asked its customers to remain vigilant.
"Beware of reward points messages by fraudsters! Stay vigilant and be safe!," SBI informing its customers wrote on Twitter. The bank has also asked its customers to not share any sensitive information such as card/PIN/OTP/CVV/password with anyone. The bank has further added that it never asks for any sensitive details from its customers over the phone, SMS, or email.
The bank also posted an announcement which read, "Dear Customer, We have come across some media reports that cybercriminals are sending fraudulent messages to our customers in the name of SBI to lure them to collect reward points by clicking on a fake link and are thus fraudulently collecting customer's reward points by clicking on a fake link and are thus fraudulently collecting customer's sensitive information."
"We advise all our customers not to share sensitive information such as card/PIN/OTP/CVV/password with anyone. Please do not click on the link received through any email/SMS or open attachments/emails from unknown senders. We reiterate that SBI never asks for your sensitive details over the phone, SMS, or email," the notice read.
Recently, an investigation carried out by a Delhi based think tank reveals a phishing attack in which multiple users of State Bank of India (SBI) were targeted. The users were spammed with suspicious texts, requesting them to redeem their SBI credit points worth Rs 9,870.
Along with the message was a link, which when clicked takes you to a page where you need to fill a form-'State Bank of India Fill Your Details'. The form asks for personal information- name, registered mobile number, email, email password, date of birth. It also asks for sensitive financial details like card number, expiry date, CVV and Mpin. After the form is submitted, the user is directed to a "thank you" page.
CyberPeace Foundation, the think tank and Autobot Infosec Private Ltd carried out an investigation which revealed multiple details to prove that the entire thing is a phishing attack.