"Hackers Target National Portal of India via 'Unprecedented' Phishing Technique"

Cybersecurity researchers discovered an unprecedented and sophisticated phishing tactic that has been used against official government websites globally, including the Indian government's portal. According to the Artificially Intelligence (AI)-driven cybersecurity company CloudSEK, threat actors have been targeting the Indian government's portal by using a fake URL to deceive customers into providing sensitive information such as credit card numbers, expiration months, and CVV codes. Hackers are imitating the browser window of the Indian government website, most often SSO (single sign-on) pages, with a unique login, in an advanced phishing technique commonly known as Browser-in-the-Browser (BitB) attack. In order to steal user credentials and other sensitive data, like personally identifiable information (PII), BitB attacks spoof trustworthy websites. As a result of the BitB attack, a new URL appears that seems real. The malicious actors have also replicated the user interface of the original page. A pop-up window posing as a notification from the Home Affairs Enforcement and Police displays on the fake window once victims click onto the phishing page, claiming that their systems have been blocked. Users are then informed that their continued access to pornographic websites violates Indian law and are asked to pay a fine of Rs 30,000 in order to get their systems unlocked. To pay the fine, they are given a form to fill out, which requests personal information, including credit card information. Because the warning has a sense of urgency and appears to be time-bound, the victims panic. The information entered by the victims into the form is sent to the attacker's server. This article continues to discuss the BitB attack impacting the Indian government's portal. 

IBT reports "Hackers Target National Portal of India via 'Unprecedented' Phishing Technique"