Latest


Hackers impersonating banks misuse Zoho Forms to steal users' information

  •   Tue, Nov 01 2022 07:07:23 PM

Bengaluru, Nov 1 (IANS): Cyber-security researchers on Tuesday said that threat actors using fake Twitter accounts are impersonating banking entities to steal victims' personal and payment information via Zoho Forms, a free online form builder from Zoho Corporation.

The threat intelligence team of AI-driven Singapore-headquartered CloudSEK discovered this phishing email campaign.

In this new campaign, said the researchers, the threat actors are misusing Zoho Forms to steal information from banking customers.

Whenever a customer tags the official banking customer care handle in a tweet, the fraudster pretends to assist them by providing a fake customer care number and an external shortened link that redirects to a Zoho Form service.

"The threat actor sets up a fake social media account (in this case, a Twitter account) with the brand logo as the profile picture. The fake account has a display name and username similar to the real account," according to security researchers.

Using these accounts, the threat actor comments on the Twitter posts of the banking customers seeking assistance or raising issues.

The threat actor provides the customer with a fake customer care number and a shortened URL.

"The URL redirects the customer to a Zoho Form page which asks the user to input the following details: First and Last Name, Credit/Debit Card Number, Expiry Date, CVV, Available Balance," the team noted.

Once submitted, the Personal Identifiable Information (PII) details are forwarded to the threat actor.

"We started investigating the mobile number used for contacting bank customers. Open-Source Intelligence (OSINT) performed on the number revealed that the number was also linked to a fake electricity bill payment scam. Several victims on different forums have flagged the same number," said a CloudSEK researcher.

The researchers highlighted that threat actors could use the collected PII to launch successful social engineering attacks against the victim. Threat actors will gain sensitive banking information, which may lead to financial loss.

To stay safe from such attacks, it is advised to identify and report domains impersonating brand names and trademarks. Bank customers should always double-check the URL or Twitter handle, said the researchers.

 
  

Top Stories

Excel MRI & Diagnostics inaugurated at Balmatta

  •   22 hours ago    1

Leave a Comment

Title: Hackers impersonating banks misuse Zoho Forms to steal users' information



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like