When Lavanya Mohan received a text message from "HDFC Bank", asking her to click on a link, she immediately knew something was off.
The finance writer and chartered accountant was told her net banking services would be suspended if she didn't update her PAN Card.
First, she was aware no bank sends its customers links. "Everything they want you to do will either be app-led or bank relationship manager led," she wrote in a Twitter thread.
Second, she looked closely at the language of the message. Mohan said it did not begin with the usual "dear customer" greeting and had an awkward sentence formation. Also, the text came from a mobile number.
The warning of service suspension was another red flag. "No bank can suspend ANYTHING of yours unless some govt authorities demand it and even that involves a due process," Mohan added.
It’s legitimately scary how good phishing and banking scams have become. Just 15 minutes ago I got this text and the link led to this VERY CONVINCING landing page.Here’s how you can spot a scam: pic.twitter.com/xLB12n646L
— Lavanya Mohan (@lavsmohan) February 23, 2023
But she decided to click on the link in the message to see how far the scammers would go. On the landing page, titled "Log in to PAN KYC", there were fields asking for the customers' user ID, password and mobile number.
To make it seem legitimate, a "Norton secured" badge had been added to the page.
Mohan admitted that the landing page was "excellent" and anyone could have fallen for it.
She said that on a closer look, she noticed the page had "HDFC KYC" and not "HDFC Bank" in its URL.
"The tells are so minor -- any one of us can fall for this given how distracted we are in our daily lives," she wrote. "And the smallest actions can have serious repercussions."
Her advice to bank customers was to speak to their relationship managers before taking any action and insist on doing all processes in person, in case someone calls, claiming to be from their bank.
Below her Twitter thread, more users shared their experience with fraudsters. At least two received the same message as Mohan.
One user was told their bank account would be closed if they didn't update their PAN Card by clicking on a link.
Another person said he received a call from someone claiming to be an ICICI Bank representative, telling him he had to do a KYC process online or their account will be suspended.
"They were so kind in the way they spoke, I almost fell for it (they even used the 'Dear Customer' bait in text)," he wrote. "The tell for me was the .apk file. Never download a .apk file."
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
