More than 13,000 ATMs. Over 4,000 bank branches. These figures give a sense of the large swath of victims in a massive phishing campaign that hit ICICI, the largest private bank in India.
Web security researchers at Comodo have spotted a targeted phishing campaign designed to lure potential victims into parting with sensitive data such as banking credentials. The phishing attacks take the usual form of an email intended to imitate the legitimate websites of a banking institution, in this case ICICI.
As we already know, a phishing campaign uses legitimate-looking emails, links and attachments that contain malicious software aimed at infecting computers and devices in an effort to steal data or track individuals. Each of us is surely familiar with that strange email from somebody we do not know, claiming that we have won the lottery in a particular country but that we need to provide our banking details before we can get the money.
This sort of cyber attack has grown in frequency over the years, and while most phishing campaigns come in their most basic forms, millions of Internet users still fall prey to the scheme.
But attackers are modernizing their strategy in order to lure users who have grown familiar with their style. For the ICICI targeted phishing campaign, the attackers tailored their email so that victims would believe it was legitimate. The email reportedly pressed the victims to take immediate action or risk having their ICICI accounts closed if they failed to comply.
This is a psychological hook: the attackers create a sense of urgency so that the victim panics and acts quickly without thinking it over. The victim feels under pressure.
The emails used in this particular phishing campaign appeared to have originated from ICICI bank itself, so they carried a mark of authenticity. Recipients were required to update their bank information in order to avoid having their accounts suspended permanently. But when a user clicked on a link that was supposed to lead to a login page, they were in fact redirected to a sham page designed only to steal their data.
Attackers always seek these pieces of data in an attempt to steal funds, replicate identities and conduct social engineering schemes.