In a recent SBI OTP scam, several SBI customers are being lured into entering confidential information to avail gifts worth Rs. 50 lakhs. With technology evolving every second, financial security too is strengthened by technological tools. But malicious hackers find loopholes and use social engineering to trap vulnerable customers.


If you’re a customer of the biggest state-run bank, State Bank of India (SBI), and you like to keep yourself safe by staying updated on new scams, then this report is for you. Reportedly, there’s a new OTP scam in which scammers lure gullible customers and collect their online banking information. They do it by sending an SMS with a link to a fake website. How does this scam work? What methods are these hackers using? And what can you do to keep yourself safe? Let’s find out:


How Does the SBI OTP Scam Work?

In a concerning new development for SBI users, hackers reportedly with origins in China are luring bank users with OTP phishing scams. The hackers send an OTP which asks users to update their KYC. The scam further promises free gifts worth Rs. 50 lakhs via WhatsApp forwards.

The news surfaced when the research wing of CyberPeace Foundation, a New Delhi-based think tank, took cognizance of certain incidents carried out in the name of the biggest state-run bank in the nation, State Bank of India. The think tank studied the incidents with the help of Autobot Infosec, a cyber security firm.

The research team was quoted by several news platforms as saying:

“All the domain names associated with the campaign have the registrant country as China.”

What Methods Are Hackers Using in the SBI OTP Scam?

In the first investigation, the think tank found that the customer receives a text message requesting KYC verification. After the customer clicks the link, a page appears that closely resembles the official SBI login page.


Method 1

After the customer clicks ‘Continue to Login’, the website redirects them to a page with the URL – full-kyc.php. On the KYC page, the scammers ask customers for confidential details such as their username and password, leading them to believe that they are updating their KYC. Meanwhile, the scammers use this data to log in to the customers' net banking accounts.

After that, the customer receives an OTP on their phone number. When the customer enters the OTP they receive, they are redirected to another page which asks for more confidential information, such as their mobile number and date of birth.

The most concerning aspect of this scam is that the layout of the web page the customer sees is eerily similar to the official SBI website.


Method 2

In another investigation, the think tank's research team found that customers are promised attractive gifts for free, and that the scammers are using WhatsApp to redirect users to the link. After the customer lands on the page, a message appears congratulating them on winning an attractive contest. The customer is then asked to take part in a survey to avail their gift worth Rs. 50 lakhs.


How can you keep yourself safe from such scams?

To keep yourself safe from such online banking scams, follow these steps, as advised by SBI itself:

1) DO NOT share any confidential information and credentials such as card number, CVV, OTP, Net Banking ID/Password or other personal details. SBI will never send such messages to its customers explicitly.

2) DO be aware of fraudsters who may call you by pretending to be SBI, RBI, Police employees or other authority.

3) DO NOT click on links, attachments or other malicious sources which are from unknown sources.

4) DO be mindful of not responding to unwarranted offers from fraudsters which may promise you attractive rewards in the name of a financial authority.