
Phishing attack leveraging SMS ban

 

This morning was going as usual until I noticed an email. It seemed to originate from Axis Bank, had an HTML attachment, and was an important announcement.

The contents of the email looked valid, considering that the Government of India had placed a ban on sending bulk SMS till the 29th. Now, I am not sure whether such a ban holds good for financial institutions. But some smart bloke seems to have capitalized on this ban. The email stated:

“In view of the Govt. of India directive to mobile operators, all the corporate sms messaging services have been blocked for the next 72 hours. This period may increase. In view of this exigency, Axis Bank Net Secure Code and transaction alerts delivery has been effected. Therefore, till the Govt. of India permits restoration of the system. 

Axis Bank customers may not be able to conduct Internet Banking transactions that use SMS for delivering the NetSecure code. This is a regulation by Govt. of India and beyond Axis Bank’s control.

We have attached a form to this email. Please DOWNLOAD the form attached to this email so that you can fill and submit it Online to us , so that we can verify your account , After the Govt. of India permits restoration of the system. .
NOTE: The form needs to be opened in a modern browser which has javascript enabled ( Internet Explorer 7, Firefox 3, Safari 3, Opera 9)”

Unlike the other phishing emails that I have encountered, this one seemed different: the content (read: grammar) looks more in line with a professional agency and in tandem with the events that are happening in India.

This is the snapshot of the email:

 

Phishing email targeting Axis Bank

 

I opened the HTML attachment after a customary AV scan. Although it looks authentic, it is a bit suspicious because it asks for too many private details, which should evoke second thoughts from anybody. Generally, a phishing attack would ask for username, password and CVV details at the most. But this one prompts for the ATM PIN, transaction password, Secure Code/Verified by Visa and email details. And unlike others where you enter the details on a site, it sends an attachment to be filled in and submitted. The modus operandi is slightly different.

I bet someone who is familiar with Axis Bank’s online transaction mechanism has set this up, because Axis Bank requires a transaction password in addition to the details mentioned above for an online transaction. The form is an HTML attachment, and when you open it everything looks authentic. Just take a look below.

 

 

 

Phishing HTML attachment targeting Axis Bank

Once you look at the page source carefully, though, you will spot the bait. The form uses the POST method, so all the details entered would go to the URL specified there instead of to Axis Bank:

 

Phishing URL targeting Axis Bank

 

A Whois lookup for the domain above lists it as based out of Poland. All I can do is notify Axis Bank of this. It would have been better if the Government of India or the financial institutions had made it clear whether their services would continue to operate or be impeded by this SMS ban.

Take care, and please spread the word to ensure people do not fall for this.
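The page-source check described above can be automated for HTML attachments at a mail gateway or during triage. The following is an added example, not code from the original post: it flags any form that collects sensitive fields and submits to a host outside the bank's own domain. The domain `bank.example`, the host `collector.example`, the field names and the keyword list are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keywords for the kinds of fields the attachment asked for.
SENSITIVE = ("pin", "password", "cvv", "secure", "email")

class FormAudit(HTMLParser):
    """Record each <form>'s action, method and named input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "method": (a.get("method") or "get").lower(),
                               "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms and a.get("name"):
            self.forms[-1]["fields"].append(a["name"].lower())

def host_is_trusted(host, trusted):
    """Exact match or true subdomain only, so look-alike hosts fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_attachment(html, trusted):
    """Return forms that collect sensitive fields but submit off-domain."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname  # None for a relative action
        hits = [f for f in form["fields"] if any(k in f for k in SENSITIVE)]
        if hits and not host_is_trusted(host, trusted):
            findings.append({"post_host": host, "method": form["method"],
                             "sensitive_fields": hits})
    return findings

# Constructed sample attachment; hosts and field names are placeholders.
SAMPLE = """<html><body><form method="POST" action="http://collector.example/save.php">
<input name="customer_name"><input name="atm_pin" type="password">
<input name="txn_password" type="password"><input name="netsecure_code">
<input name="email_address"><input type="submit" value="Submit">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_attachment(SAMPLE, ["bank.example"]):
        print(finding)
```

The suffix comparison in `host_is_trusted` is deliberate: a plain substring match would accept a host such as `bank.example.collector.example`.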

UPDATE:

I would have thought that the content in their email was written by a smart bloke, but it’s actually flicked from Axis Bank’s login page!

11 October

Received another phishing email with a similar modus operandi, this time targeting ICICI Bank and hosted at:

 

Phishing email targeting ICICI customers


17th October

Another day, another phishing email. The phishers are just not leaving any stone unturned as they target every bank with an online presence, this time targeting customers of HDFC Bank and hosted at:

 

 

Phishing email targeting HDFC Bank customers

Here is the Phished URL:

 

 

Phishing email targeting HDFC Bank customers

Oh wait... I think I just saw a similar email targeting Punjab National Bank’s customers land in my inbox!

 

Solutions for recovering stolen laptop

Data privacy and protection are the two main concerns faced by mobile users today. Although laptops have been around for a while, it is only recently that they have generated quite a buzz in terms of ease and mobility. Some of you who have laptops will surely be worried about the surge in laptop theft. Even I was wondering about the technologies that could track stolen laptops and computing devices. Some of the things I could think of were GPS dots (inspired by Hollywood movies), IMEI numbers as found in mobiles, or stealth software that would send the owner some email, blah blah…

All of a sudden, tracking and recovery of stolen laptops seems to have caught the attention of companies. Quite a few companies have lined up solutions in this space. Although the effectiveness of these is yet to be proven, some of the technologies look very impressive, but most of them seem to depend on a connection to the internet. I am yet to see anything on the lines of the Hollywood movies mentioned above.

However, a point to be noted is that almost all of the recovery services require lodging a complaint with the police, and the involvement of these law enforcement agencies looks imminent. Here are some technologies for your convenience:

HP PC Tracing Service: www.hp.com

HP India has launched a new service called HP PC Tracing and Data Security Service (TDSS) that helps locate stolen laptops and also lets the user permanently and irrecoverably destroy their sensitive data on a stolen computer to prevent unauthorized access or a data breach. The HP service allows worldwide location tracking of the notebook, and it continues even after sensitive files and folders are destroyed, HP said.

The HP PC tracing service is available across the country. The PC Tracing Carepack for HP Business notebook will be priced at Rs 450 for 1 year and at Rs 1,000 for 3 years. The PC tracing service along with data destruction Carepack for HP Business notebook is priced at Rs 2,000 for 1 year and Rs 5,000 for 3 years.

LocateLaptop: http://www.locatelaptop.com/

This is an India-based company that helps you track stolen/lost laptops. Their charges start from Rs 3000/- or 75 USD for. You will need to install their software and register online. The major disadvantage and turn-off is that it requires the user to be online. I think it could be similar to key logging software that can remotely send the captured data to an FTP site or email. In this case it’s email. If the laptop is stolen, you will need to send them a scanned copy of the police complaint and lodge a case with these guys online, and they would give you the IP, ISP details etc., which you will need to provide to the police.

Chances of recovery are next to impossible if the stolen laptop is never connected to internet or if the user reformats the system!

Computrace: www.Absolute.com

The ComputraceOne Agent is a small software client that can be embedded into the BIOS firmware “at the factory”, or installed like most software applications onto the hard drive of a computer.

The ComputraceOne application is loaded on the hard drive of a computer, while support for the ComputraceOne agent is embedded in the BIOS or firmware. If the hard drive is reformatted or replaced, the ComputraceOne Agent support in the BIOS rebuilds the necessary application files on the hard drive as required by the customer. Currently supported OSes include XP, 2000, Vista and Apple Mac OS X 10.2 onwards.

The ComputraceOne Technology Platform is the client/server architecture that delivers Absolute Software’s Computer Theft Recovery, Data Protection and Secure Asset Tracking services. Thanks to the hands-free communication (over IP or PSTN) between the secure, patented ComputraceOne Agent client and the Monitoring Centre server, Absolute’s security services are exceptionally easy to manage on all computers across the enterprise. Currently, Absolute Software offerings are available in the US and Canada only. This one looks more robust, but the need for an IP/PSTN connection makes it somewhat unreliable…

Some tips for taking care of your laptop:

  • Try to minimize the use of your laptop in public places. The WiFi-enabled cafeteria may tempt you to show off that you are a geek, but it could also attract a lot of unwanted attention, even virtually from the network. Remember, never access emails or online banking from those free WiFi hotspots, as data could be easily sniffed.
  • Stay away from fancy leather laptop carry cases. It is good to stick with a backpack, as it is easier to carry and distributes the weight evenly on the shoulders.
  • Some laptops now come with TPM or Trusted Platform Module chips. Enabling these chips will secure your laptop from unauthorized login. Currently, there have been no reported successful break-ins on TPM. MS Vista is one of the recent OSes that support TPM.
