Beware HDFC Customers! Scammers Target users with Netbanking Blocked SMS with Authentic-Looking Phishing Scam'
Beware of scammers sending fraudulent text messages (SMS) to HDFC users, new and old, saying "Netbanking Account will be Blocked" if PANCARD is not updated, The message is accompanied by a short link to a phishing site.
HDFC Bank SMS SCAM: Beware of Scammers sending HDFC Netbanking Blocked messages with Phishing links
Beware HDFC Customers!: With summer around the corner, scammers are gearing up for new phishing campaigns. Several internet users have reported receiving text messages (SMS) from random numbers claiming that their HDFC Netbanking Account will be blocked that day unless they update their PAN card by clicking on a short link. Interestingly, the link is generated using random short link generators with "HDFC", "HDFCPAN," and "HDFC.5" written as a suffix.
Although I no longer use HDFC's services, I received the scam message also. I have attached a screenshot of the message below along with messages received by others. Clicking on the link takes the user to a very authentic-looking page complete with the HDFC BANK logo, saying "Welcome to HDFC Bank Netbanking."
The website then prompts the user to enter their Customer ID, Password/IPIN, and Mobile number (as per bank records). For authenticity purposes, the website even displays the logo of "Norton Secured, Powered by Symantec." We did not find any spelling mistakes on the website, which is common with phishing websites. The only easy giveaway was that the site was hosted on "wordpress." The official HDFC Bank Netbanking website will always be on an HDFC domain.
The scammers aim to harvest Customer ID, Netbanking PIN/Password, and registered mobile number with this phishing scam. These details will allow them to access user accounts and siphon off funds.
To avoid falling victim to such scams, users should be cautious about clicking on links from unknown sources. They should also be wary of any messages claiming that their accounts will be blocked or deactivated unless they update their information. Additionally, users should always verify the authenticity of the website they are accessing by checking the domain name and SSL certificate. Finally, users should report any suspicious messages to their bank's customer service immediately.
How to check if the message is real or scam?
No BANK will ask for your PASSWORD/PIN via SMS
No BANK will send random shortlinks via SMS
No Bank will host their mobile site or full website on WORDPRESS
Always confirm with the Bank by calling your personal banker or official helpline, before giving out your personal details.