An “unprecedented, sophisticated” phishing technique has been targeting government websites around the world, including the portal of the Indian government.
Threat actors are tricking users into submitting sensitive information such as credit card numbers, expiration months, and CVV codes by using a bogus URL.
When their victims visit the phishing page, a pop-up appears claiming that their systems have been blocked, impersonating a notification from Home Affairs Enforcement and Police.
When users attempt to connect to a website, they may click on a malicious link that appears to them as an SSO login pop-up window.
Users are prompted to log in to the website using their SSO credentials when they visit the provided link.
The victims are then directed to a bogus website that looks exactly like the SSO page.