Category Archives: Mobile

Phishing attack leveraging SMS ban

 

Today morning was just about going as usual till I noticed an email. It seemed to originate from AXIS bank and it had an HTML attachment and it was an important announcement.

The contents of the email looked valid considering Government of India had placed a ban on sending of bulk SMS till 29th. Now I am not sure if such ban holds good for financial institutions. But some smart bloke seems to have capitalized on this ban. The email stated that:

“In view of the Govt. of India directive to mobile operators, all the corporate sms messaging services have been blocked for the next 72 hours. This period may increase. In view of this exigency, Axis Bank Net Secure Code and transaction alerts delivery has been effected. Therefore, till the Govt. of India permits restoration of the system. 

Axis Bank customers may not be able to conduct Internet Banking transactions that use SMS for delivering the NetSecure code. This is a regulation by Govt. of India and beyond Axis Bank’s control.

We have attached a form to this email. Please DOWNLOAD the form attached to this email so that you can fill and submit it Online to us , so that we can verify your account , After the Govt. of India permits restoration of the system. .
NOTE: The form needs to be opened in a modern browser which has javascript enabled ( Internet Explorer 7, Firefox 3, Safari 3, Opera 9)”

Now unlike the other phishing emails that I have encountered this one seemed different and the content (read grammar) also looks more in line from a professional agency and in tandem with the events that are happening in India.

This is the snapshot of the email:

 

Phishing Email targetting Axisbank

 

I opened the HTML attachment, after a customary scan from AV. Now although this looks authentic, but is a bit suspicious because it is asking for too many private details that should evoke second thoughts from anybody. Generally any phishing attack would ask for username, password, cvv details at the max. But this one is prompting for ATM PIN,Transaction password, Secure Code/Verified by Visa, Email details. And unlike others where you enter the details on a site, it is sending an attachment to be filled and submitted. Modus Operandi is slightly different.

I bet someone who is familiar with Axis bank’s online transaction mechanism has set this up because Axis bank requires transaction password in addition to the details mentioned above for a online transaction. Now, the form is a html attachment and when you open everything looks authentic just take a look below.

 

 

 

Phishing HTML attachment targetting Axis bank

This is it, but once you look at the page source carefully you will realize the bait. Using the POST method, all details would go to the URL specified instead of Axis bank:

 

Phishing URL targetting Axis bank

 

A Whois lookup for the domain above lists that is based out of Poland. All I can do is just notify Axis bank of this. It would have been better if the Government of India or the financial institutions have had made it clear if their services would continue to operate or be impeded due to this SMS ban.

Take care and please spread a word to ensure people do not fall for this

UPDATE:

I would have thought that the content in their email was written by a smart bloke, but it’s actually flicked from Axis Bank’s login page!

11 October

Received another Phishing email with the similar modus operandi , this time targeting ICICI Bank and hosted at:

 

Phishing email targeting ICICI customers


17th October

Another day, another Phishing email. The phishers are just not leaving any stone unturned as they target every bank with an online presence, this time targeting customers of HDFC Bank and hosted at:

 

 

Phishing email targeting HDFC Bank customers

Here is the Phished URL:

 

 

Phishing email targeting HDFC Bank customers

Oh Wait..I think I just saw a similar email targeting Punjab National Banks’s customers land in my inbox!….

 

Airtel GPRS Mobile Office Tariffs and Activation Codes

If you look-up for Airtel’s GPRS and Mobile Office connections details on their website, I am sure you will go around in circles. The last resort is their paid support (Yes, Airtel now charges 50 paise per 3 minutes for contacting their customer support via phone). Having been through this, I am posting the following information that you could leverage if you were to avail Airtel’s GPRS services.

Listed below are Airtel’s g various packages, Download limits, tariffs and Activation/De-activation codes. Hope you find them useful.

 
Airtel-GPRS Pack Download Limit /month Tariff/month SMS Activation Code SMS De-Activation Code
Airtel GPRS 99 Pack 300MB 99 MO99actv Send it to 222 MO99CNCL 222 Send it to 222
Airtel GPRS 199 Pack 1 GB 199 MO99actv Send it to 222 MO199CNCL 222 Send it to 222
Airtel GPRS 299 Pack 2 GB 299 MO299actv Send it to 222 MO299CNCL 222 Send it to 222
Once you exceed your Download limit, the charges for additional data is charged @ 30 paise per 50KB
Airtel’s Unlimited Mobile Office Plan Rs 140/-per week MO Send it to 56122 MO CNCL Send it to 56122

It is advisable for you to please check with Airtel’s customer service before activating them.

~~~~ Update 25th October 2010 ~~~~

Airtel has officially announced a package of Rs 98 /– GPRS plan for postpaid customers wherein, the download data limit is 2 GB.