Cybercrime Groups Use Vishing and AiTM Phishing for SaaS Attacks

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: phishing

How These Vishing and AiTM Phishing SaaS Attacks Work

Two cybercrime groups, Cordial Spider and Snarky Spider, are conducting rapid and stealthy SaaS attacks. They employ vishing and Adversary-in-the-Middle (AiTM) phishing techniques to steal credentials, bypass multi-factor authentication, and gain access to multiple platforms via Single Sign-On.

How This Scam Works — Detailed Explanation

Cybercrime groups such as Cordial Spider and Snarky Spider are using vishing and AiTM phishing to target users of Software as a Service (SaaS) platforms. These groups often begin an attack by identifying potential victims through social engineering, using platforms like WhatsApp to reach out to users. They may initially pose as trusted contacts or claim to represent legitimate companies, lulling victims into a false sense of security. Through messages or phone calls, they coax personal details or sensitive information from unsuspecting individuals. The pretext might be as innocuous as 'We need to verify your account' or an offer of assistance, prompting victims to engage further.

Once the attackers have initiated contact, they employ various psychological tricks to manipulate their victims. This can include creating a false urgency, stating that the user’s account has been compromised or presenting an enticing but misleading proposition. They often script these calls to sound professional and reassuring, emulating customer support representatives from well-known banks or SaaS providers. In some cases, they might use technology to spoof the caller ID, making it appear as if the call is coming from a legitimate source, thus enhancing their credibility. This manipulation plays heavily on the victim’s emotions, making them more likely to comply with requests for sensitive information or to perform actions that can lead to credential theft.

Once victims have been engaged, the scam progresses through a series of steps designed to extract information and bypass security measures. Victims might be asked to enter their usernames or passwords into a compromised site that the attackers control, often presented as the legitimate login page of a familiar service. In AiTM phishing, the threat actors intercept the login process, capturing the victims' credentials in real time while the victims believe they are signing in securely. This method has become especially dangerous in India, with rising reliance on UPI and other digital payments: once a scammer gains access to your account, they can quickly transfer money or misuse sensitive data linked to Aadhaar. After the initial access, the attackers can take further actions without the victims’ knowledge, leading to severe financial losses.
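An added example (not part of the original report, and not any identity provider's own code): a detection check for the pattern described above, run over constructed SSO sign-in events. It flags sessions that start from an unfamiliar address or change client mid-session and then reach several apps within minutes; the event layout, the `sso-login` marker, the per-user IP baseline and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN = "sso-login"  # assumed marker for the MFA-backed sign-in event
# Constructed events; the layout is an assumption, not a vendor log schema:
# (timestamp, user, session_id, source_ip, user_agent, app)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "asha", "s-100", "198.51.100.77", "Chrome/Win", LOGIN),
    ("2024-05-01T09:00:40", "asha", "s-100", "198.51.100.200", "Firefox/Linux", "mail"),
    ("2024-05-01T09:01:10", "asha", "s-100", "198.51.100.200", "Firefox/Linux", "crm"),
    ("2024-05-01T09:02:30", "asha", "s-100", "198.51.100.200", "Firefox/Linux", "file-share"),
    ("2024-05-01T10:00:00", "ravi", "s-200", "192.0.2.5", "Safari/Mac", LOGIN),
    ("2024-05-01T10:05:00", "ravi", "s-200", "192.0.2.5", "Safari/Mac", "mail"),
    ("2024-05-01T11:00:00", "meena", "s-300", "198.51.100.90", "Edge/Win", LOGIN),
    ("2024-05-01T11:01:00", "meena", "s-300", "198.51.100.90", "Edge/Win", "mail"),
    ("2024-05-01T11:02:00", "meena", "s-300", "198.51.100.90", "Edge/Win", "hr"),
    ("2024-05-01T11:04:00", "meena", "s-300", "198.51.100.90", "Edge/Win", "payroll"),
    ("2024-05-01T12:00:00", "karthik", "s-400", "192.0.2.60", "Chrome/Android", LOGIN),
    ("2024-05-01T12:03:00", "karthik", "s-400", "203.0.113.9", "Chrome/Android", "mail"),
]
# Constructed baseline of source IPs previously seen for each user.
KNOWN_IPS = {"asha": {"203.0.113.10"}, "ravi": {"192.0.2.5"},
             "meena": {"192.0.2.40"}, "karthik": {"192.0.2.60"}}

def find_suspect_sessions(events, known_ips, min_apps=3, window=timedelta(minutes=10)):
    """Return {session_id: [signals]} for sessions that match the AiTM pattern."""
    sessions = defaultdict(list)
    for ts, user, sid, ip, ua, app in events:
        sessions[sid].append((datetime.fromisoformat(ts), user, ip, ua, app))
    suspects = {}
    for sid, evs in sessions.items():
        evs.sort(key=lambda e: e[0])
        start, user, first_ip, first_ua, _ = evs[0]
        signals = []
        # The proxy, not the victim's device, talks to the identity provider.
        if first_ip not in known_ips.get(user, set()):
            signals.append("unfamiliar-ip-at-login")
        # A captured session later replayed from a different browser or address.
        if any((ip, ua) != (first_ip, first_ua) for _, _, ip, ua, _ in evs):
            signals.append("client-changed-mid-session")
        # Rapid SSO fan-out separates takeover from ordinary roaming.
        apps = {a for t, _, _, _, a in evs if a != LOGIN and t - start <= window}
        if signals and len(apps) >= min_apps:
            suspects[sid] = signals
    return suspects

if __name__ == "__main__":
    for sid, signals in find_suspect_sessions(SAMPLE_EVENTS, KNOWN_IPS).items():
        print(sid, signals)
```

Session s-400 changes address mid-session but touches only one app, so it is not flagged; lowering `min_apps` trades that tolerance for more alerts.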

The impact of such scams in India has been staggering. Recent reports have noted over ₹500 crore lost to various online frauds, with SaaS platforms being a particularly high-value target because of their connected nature and reliance on Single Sign-On features. The Ministry of Home Affairs (MHA) and organizations like the Reserve Bank of India (RBI) have issued advisories cautioning users about these emerging threats and urging them to stay vigilant. CERT-In has also recommended measures to strengthen user awareness, especially with the rise in cybercrime targeting critical digital infrastructure. More cases are being reported, creating greater financial liabilities for consumers and banks alike and adding to the urgency of acting against these tactics.

As cyber threats evolve, recognizing legitimate communications is crucial to defending against these types of scams. Users must stay alert for signs that indicate foul play. For instance, any communication that requests sensitive details like passwords or PINs is suspicious: legitimate companies will never ask for such information through unsecured communication channels. Always verify the authenticity of a source, especially when approached through unsolicited calls or messages. Remember that secure communications generally come through official channels: email, verified apps, or official customer service lines. Education about these tactics empowers individuals to become the first line of defense against invasive cybercrime techniques.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Do These Vishing and AiTM Phishing SaaS Attacks Target?

General public across India

Red Flags — How to Identify Vishing and AiTM Phishing SaaS Attacks

  • cybercrime
  • SaaS attacks
  • vishing
  • AiTM phishing
  • credential theft
  • MFA bypass
  • SSO
  • Cordial Spider

What To Do If You Encounter Vishing or AiTM Phishing SaaS Attacks

  1. Report any suspicious activity immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
  2. If you shared any credentials, inform your bank so it can initiate protective measures on your account.
  3. Change your passwords promptly for any accounts linked to the SaaS platforms you suspect might have been breached.
  4. Enable Multi-Factor Authentication (MFA) for your sensitive accounts, as this adds an extra layer of security.
  5. Monitor your bank statements diligently for unauthorized transactions and report them to customer support.
  6. Educate your family members about these scams, particularly the tactics that vishing and AiTM phishing groups use.

How to Report Vishing and AiTM Phishing SaaS Attacks in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What should I do if I shared my OTP in a phishing scam?
Immediately report the incident to your bank and change all your passwords; consider contacting 1930 for assistance.

How can I identify vishing and AiTM phishing scams?
Look for unsolicited requests for sensitive information, and check if the caller's number seems legitimate.

How do I report this type of scam in India?
Report it via the cybercrime helpline at 1930 or file a complaint on cybercrime.gov.in to ensure proper action is taken.

What are the steps for recovering my money or protecting my accounts after a scam?
Contact your bank immediately to report unauthorized access, change your passwords, and follow their recovery process.
