Hackers are targeting PNB MetLife insurance customers by using fake payment gateways to steal personal information and redirect victims to fraudulent UPI transactions. The scam takes advantage of PNB MetLife’s trusted image by creating fake mobile payment sites that look like real premium payment services.
Malicious pages collect policy numbers and customer information without checking their validity and quickly send the data to attackers.

The phishing operation mainly spreads via SMS, but it can also use email and social media.
Security researcher Anurag Gawande found several variants of the phishing scheme during his threat-hunting efforts. He discovered that attackers used free hosting platforms, especially EdgeOne Pages, to quickly set up and change malicious sites.
The campaign shows a shift in financial fraud tactics, evolving from basic credential theft to complex operations that involve data theft and direct payment manipulation.
The attack starts slowly but soon intensifies as victims follow fake payment steps. After capturing initial details, the phishing page moves to collecting payment amounts and then offers UPI payment options.
This slow process creates false confidence while collecting various information from unaware customers. This threat is dangerous because it uses real payment apps for fraudulent transactions.
The scheme uses real UPI apps like PhonePe, Paytm, and Google Pay instead of fake payment processors, which lowers victim suspicion and raises chances of financial theft.
The sleek interface hides a complex data theft system using the Telegram Bot API. When victims enter their information, the phishing page covertly sends this data to Telegram channels controlled by the attacker instead of a real payment processing system.
An investigation revealed that multiple Telegram bots and operator accounts are involved in the phishing scheme. The bots “pnbmetlifesbot” and “goldenxspy_bot” gather information from victims, while accounts like “darkdevil_pnb” and “prabhatspy” track and obtain the stolen data.
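For defenders, the exfiltration path described above leaves a recognizable trace: a browser on an ordinary web page calling the Telegram Bot API directly. The following is an added detection sketch, not code from the researcher or the original report; it assumes a TLS-inspecting proxy that logs the full URL and Referer, and the log format, host names, and tokens are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API URL shape: https://api.telegram.org/bot<token>/<method>
# where <token> is "<numeric bot id>:<secret>".
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):[^/]+/(?P<method>\w+)$")

# Constructed sample log (assumed format): time client verb url referer
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 GET https://pay-portal.example/premium -
2025-01-01T10:00:09Z 10.0.0.5 POST https://api.telegram.org/bot1111111111:PLACEHOLDER_aaaa/sendMessage https://pay-portal.example/
2025-01-01T10:00:30Z 10.0.0.7 GET https://web.telegram.org/a/ -
2025-01-01T10:01:02Z 10.0.0.9 POST https://api.telegram.org/bot2222222222:PLACEHOLDER_bbbb/getUpdates -
"""

def is_telegram_host(host):
    return host == "telegram.org" or host.endswith(".telegram.org")

def find_page_originated_bot_calls(log_text):
    """Return Bot API requests that were issued from a non-Telegram web page."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the assumed format
        ts, client, verb, url, referer = fields
        target = urlsplit(url)
        match = BOT_PATH.match(target.path)
        if target.hostname != "api.telegram.org" or not match:
            continue
        page_host = urlsplit(referer).hostname  # None when referer is "-"
        if page_host is None or is_telegram_host(page_host):
            continue  # no page context: outside this heuristic
        # Keep only the numeric bot id; the secret half of the token is dropped.
        hits.append({"time": ts, "client": client, "page_host": page_host,
                     "bot_id": match["bot_id"], "method": match["method"]})
    return hits

if __name__ == "__main__":
    for hit in find_page_originated_bot_calls(SAMPLE_LOG):
        print(hit)
```

Pages that suppress the Referer header fall outside this heuristic, so it complements rather than replaces blocking or alerting on Bot API traffic from user endpoints.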
