Indian government portals are in danger

New Delhi: Cyber-security researchers on Thursday said they have discovered an “unprecedented, sophisticated” phishing technique targeting government websites around the world, including the Indian government portal https://india.gov.in, which is being used to extort affected users. According to AI-powered cyber-security firm CloudSEK, the threat actors are targeting the Indian government portal with a bogus URL to trick users into submitting sensitive information such as credit card numbers, expiry months and CVV codes.

Hackers are imitating the browser window of a Government of India website, often the SSO (single sign-on) page, with a unique login, using one of the most advanced phishing techniques, commonly known as a browser-in-the-browser (BitB) attack. BitB attacks mimic legitimate sites to steal user credentials as well as other sensitive data such as personally identifiable information (PII).

The new URL that pops up as a result of the BitB attack appears to be valid. “Bad actors have also replicated the user interface of the original page. Once their victims click on the phishing page, a pop-up appears on the phony window that claims their system has been blocked, presenting as a notification from Home Affairs Enforcement and Police,” claimed the researchers.

Users are then informed about their excessive use of pornographic websites, which is illegal under Indian law, and they are requested to pay a fine of Rs 30,000 to unlock their systems. They are given a form to fill out to pay the fine, which asks them to reveal personal information, including their credit card information. Victims panic because the alert has a sense of urgency and appears to be timely, the researchers said.

The information the victims enter in the form is sent to the attacker’s server. Once attackers obtain the card information, it can be sold to other buyers in a larger network of cybercriminals, or the victim can be extorted for extra money. The BitB attack is triggered when users try to connect to a website and click on a malicious link that appears to them as an SSO login pop-up window.

When users visit the given link, they are asked to log in to the website using their SSO credentials. After that, the victims are directed to a fake website that looks exactly like the SSO page. The attack typically triggers a single sign-on window and displays fake websites that cannot be distinguished from the original page.

“Combine SSO with MFA (Multi-Factor Authentication) for secure login across all accounts, check for suspicious logins and account takeovers, and avoid clicking on email links from unknown sources,” the researchers suggested.