The Indian government’s Computer Emergency Response Team (CERT-In) says phishing attackers have abused the ngrok platform to target bank customers, obtain sensitive information and carry out fraudulent transactions.
In a new form of attack, scammers send an SMS text message containing links which end with ngrok.io/xxxbank, said CERT-In.
If the victim clicks on it and logs in to what is a phishing website using their internet banking credentials, the attacker generates an OTP for two-factor authentication, which is delivered to the victim’s phone.
The victim then enters the OTP into the phishing site, giving the attacker access to the victim’s account and the ability to perform fraudulent transactions, CERT-In’s advisory said.
Defences against the scam include looking out for suspicious mobile phone numbers that do not look real, as fraudsters often mask their identity by using email-to-text services to avoid revealing their actual phone number.
The cyber security service also suggests only clicking on URLs which clearly indicate the website’s domain and, when in doubt, checking an organisation’s website directly via search engines to ensure the sites users are visiting are legitimate.
Hovering the cursor over a shortened URL would normally reveal the full website domain, CERT-In added.
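
The domain check CERT-In recommends can also be automated on the defender's side, for example in an SMS gateway or a reporting inbox. The sketch below is an added example, not code from CERT-In or ngrok: it pulls links out of a message body and classifies each by its real hostname. The official domain, the brand keyword and the sample messages are constructed placeholders; only the ngrok.io suffix comes from the advisory.

```python
import re
from urllib.parse import urlsplit

# Assumptions: "ngrok.io" comes from the advisory's "ngrok.io/xxxbank" pattern;
# the official domain and brand keyword are constructed placeholders.
TUNNEL_SUFFIXES = ("ngrok.io",)
OFFICIAL_DOMAINS = ("examplebank.example",)
BRAND_KEYWORDS = ("xxxbank",)

# Loose matcher for links in SMS text, with or without a scheme.
URL_RE = re.compile(
    r"(?:https?://)?(?:[\w.%+-]+@)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.I)

def under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def classify_sms(text):
    """Return (url, host, verdict) for every link found in an SMS body."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")
        parts = urlsplit(url if "://" in url else "http://" + url)
        # .hostname drops any "user@" prefix, leaving the host actually contacted.
        host = (parts.hostname or "").rstrip(".").lower()
        if any(under(host, d) for d in OFFICIAL_DOMAINS):
            verdict = "official"
        elif any(under(host, s) for s in TUNNEL_SUFFIXES):
            verdict = "tunnel-host"
        elif any(k in parts.path.lower() for k in BRAND_KEYWORDS):
            verdict = "brand-in-path"
        else:
            verdict = "unknown-domain"
        findings.append((url, host, verdict))
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = [
    "Dear customer, your KYC is pending. Update at http://1a2b3c4d.ngrok.io/xxxbank",
    "Statement ready: https://netbanking.examplebank.example/login.",
    "Verify now: examplebank.example.secure-check.example/xxxbank",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        for url, host, verdict in classify_sms(sms):
            print(f"{verdict:15} {host}")
```

Matching on the end of the hostname, rather than on any substring of the link, is what keeps a bank name placed in the path or in a leading label from passing as the bank's own domain.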