HQ/EMEAFind out how we can help your business
In 2011, the Government of India and the Reserve Bank of India (RBI) began the initiative project of introducing the Customer Service Point (CSP)/Business Correspondence (BC) programs that aim to leverage technology and empower individuals or entities to act as intermediaries or agents of banks, providing basic banking services in remote areas where the presence of physical bank branches was limited or absent in India.
Many established and known financial institutions in India followed this initiative to provide this service and soon tied up with many sole and group entities to have this program become successful. Each financial institution has created its rules in compliance with the mandate from the government and RBI. They can offer services such as account opening, cash deposits and withdrawals, fund transfers, loan applications, and other basic banking transactions. For the State Bank of India, they created the term Bank Mitra in compliance with this initiative.
However, these programs, built on trust and reliability, have been abused by threat actors seeking to exploit unsuspecting customers. Our researchers in iZOOlogic have discovered a similar incident regarding India’s CSP Bank Mitra being exploited by threat actors to steal from Indian users and have encountered over 35 fake CSP websites propagating online.
Threat actors manipulate their targets by leveraging fraudulent Customer Service Point websites to steal sensitive financial information.
To make their fraudulent websites appear legitimate, threat actors utilise a variety of tactics, including recreating banks’ branding and logos to deceive visitors. They may also employ techniques like typosquatting and registering domains closely similar to the bank’s official website, leading users to land on the fraudulent site inadvertently.
In these incidents, the hackers created fake bank assistance websites that mimic the appearance and functionality of legitimate banking platforms. Through manipulation and social engineering techniques, users are tricked into believing they are engaging with real customer service representatives, not knowing their data is on the verge of being nicked by malicious actors.
Furthermore, threat actors exploit people’s psychological weaknesses to make their schemes more convincing. They employ social engineering techniques, such as urgency and fear, to push users to act impulsively. For example, they provide fake certificates from the bank and RBI to gain the trust of their customers.
Once users fall into the trap of providing their details, the threat actors will harvest this information for malicious purposes like identity theft, unauthorised access to bank accounts, or being sold on the dark web to other threat actors.
For users, it is important to stay informed about such scams and the tactics employed by threat actors. Cybersecurity experts advise educating yourself about the latest cyber threats and spreading awareness to others.
Users must always verify the authenticity of the website they are interacting with. Review the website’s URL, SSL certificate, and the presence of security indicators in the browser’s address bar.
Moreover, avoid clicking on links provided in unsolicited emails or messages when seeking bank assistance. Instead, directly visit the bank’s official website or contact their customer service through verified channels.
If you encounter a suspicious website or suspect phishing activity related to CSP Bank Mitra or any financial institution, relevant authorities must be contacted immediately so that proper action can be taken to resolve the threat and protect other potential victims.
The abuse of Customer Service Point (CSP) programs to promote fake bank assistance online is a critical concern that demands vigilance from financial institutions and customers. These malicious schemes can be thwarted by remaining informed, practising caution, and adopting proactive security measures.
