At least 26 Indian banks have been victims of theft of personal information of customers by phishing websites, according to US-based cyber security firm FireEye. These banks include HDFC Bank, ICICI Bank, IDBI Bank and State Bank of India, FireEye said after it released a research report. The security firm has said it has come across a new domain called csecurepay[.]com since 23 October and this domain pretends to be an online payment gateway but is actually is a phishing website. It fools customers to give out personal information like card numbers, PIN and email addresses while acting as a payment gateway facilitating an online transaction. Customer information from 26 Indian banks have been obtained by the website, FireEye said in a statement. The victims fooled to enter their account number, mobile number, email address, one time password (OTP) and other details as if it is initiating a transaction and once the information is collected, the website displays a fake failed login message to the victim. FairEye also said as part of the process the fraudsters even redirected the customers to a spoofed online banking page of the bank they selected where they are requested to login. FireEye has notified the Indian Computer Emergency Response Team (CERT-In) in this regard.
