SBI warns of WhatsApp scam duping people


14 Mar 2019

Fraudsters are using WhatsApp to dupe SBI customers: Here's how

India's biggest public lender, the State Bank of India, has issued a notice warning its customers about a potential WhatsApp scam.

According to the bank's notice, fraudsters are trying to dupe unsuspecting customers by tricking them on the messaging platform.

They are, apparently, fooling customers into giving away their confidential banking credentials and are stealing OTPs from their phones.

Here's how this happens.


SBI warns to stay alert

SBI warns to stay alert

SBI's notice, shared recently on Twitter, warns about 'certain' fake messages asking for banking details.

"The Bank is aware of certain messages", the notice reads, "being circulated/forwarded via WhatsApp and social media, to the effect that our esteemed customers are getting messages advising about an OTP (One-Time Password) in respect of a transaction not purported to have been originated by the miscreant."

Here's the full notice

Love Tech news?

Stay updated with the latest happenings.

Yes, notify me


Here's how the scam exactly pans out

Though SBI's warning informs about fake messages and their impact, it doesn't delve into the details of the scam.

A report from The New Indian Express, however, explains this, noting that fraudsters basically social engineer their targets into giving away their card details.

They promise an upgrade for credit/debit cards, and once the target agrees, they ask for their card number, CVV, and expiry.


Then, they send a link via WhatsApp

Then, they send a link via WhatsApp

After taking confidential credentials that can be used to initiate a transaction, the fraudsters share a link with their target on WhatsApp to complete the upgrade process.

This link, when clicked, downloads and installs a malicious app in the background.

The downloaded program starts running in the background, diverting all messages received on the infected device, including OTPs, to the fraudster's server.


This gives them everything to carry out a transaction

As OTP diversion starts, the fraudsters get everything they need to carry out a transaction.

From here, they can initiate online transactions on different portals and wipe your account clean.

Notably, as the scam revolves around details shared and the WhatsApp link, SBI has asked its customers to verify the authenticity of WhatsApp messages and refrain from sharing banking details, including OTPs, with anyone.

Warning number

You can warn SBI about suspicious activity

You can warn SBI about suspicious activity

While not sharing account details is good enough to keep your bank account from being hijacked, SBI also has a toll-free number (1-800-111109) to report suspicious or fraudulent activity.

If you notice something weird in your bank account, say like a transaction you never made, report the incident immediately to the bank which may investigate and get you a refund.

Share this timeline

State Bank of India





New Indian Express

One-Time Password



State Bank

Share this timeline

Ask NewsBytes
User Image

Most asked questions

How to avoid such scams?

Can an antivirus avoid such attacks?

Has anyone been affected from this scam?

Can scammers use other platforms as well?

More questions

How to avoid such scams?

Asked 2019-03-14 20:26:51 by Shaurya Tata

Answered by NewsBytes

You should not share your banking details with anyone or click on links sent by unknown individuals.

Can an antivirus avoid such attacks?

Asked 2019-03-14 20:26:51 by Ankita Patil

Answered by NewsBytes

Yes, a reliable antivirus program can help you avoid such scams.

Has anyone been affected from this scam?

Asked 2019-03-14 20:26:51 by Shreya Mukopadhyay

Answered by NewsBytes

As of now, it is not exactly clear if anyone has actually been duped in this scam.

Can scammers use other platforms as well?

Asked 2019-03-14 20:26:51 by Sanvi Sarin

Answered by NewsBytes

Yes, scammers can use any publicly available platform to reach you, including WhatsApp Facebook or even text messages.

Next Timeline