The Latest in IT Security

RBC Royal Bank Phish Wading in the Wild


Our researchers at the AV Labs just netted one of the latest phishing attempts that prey on clients of the Royal Bank of Canada (RBC) or RBC Royal Bank. Below is the screenshot of the email phish being spammed in the wild:

Click to enlarge

This email from “RBC Online” masquerades as an alert notification message regarding a security update. Upon reading the message body, however, it asks the recipient to validate their account with the bank. Like most unsophisticated phishing attempts, this is a bit of an odd one, too, since validating an account has nothing to do with “security updates” or a “scheduled system maintenance”. Composition-wise, it doesn’t make sense, and it seems that the phishers behind this scam merely used terms and phrases that could get recipients to potentially click their link.

Clicking “VALIDATE” in the email body redirects recipients to tipoco(dash)gps(dot)com/tinymce/rbc/, which should have triggered some alarm bells by now. More than the URL, let us look at the page itself:

Click to enlarge

It looks like a fill-out form one would normally see when attempting to sign up for an account, doesn’t it? And if you find yourself asking this question, you’ll realise soon enough that this is not the page you expected where you could normally validate your identity. It is a page that simply asks for a lot of personal information and begs answers to specific questions one might have used as hints on other accounts. Furthermore, the page claims that it is secure; however, the absence of the URL access method, “https://”, tells you otherwise. The website icon used for this page does not carry RBC’s insignia.

Recipients of the email phish is then directed to this “thank you!” page after they fill out the form.

Click to enlarge

As of this writing, the phishing pages are still up.

This isn’t the first time RBC Royal Bank is targeted, so never fall for phishing scams such as this one. When in doubt, always look for the telltale signs (the URL, for example) that you might be somewhere you don’t want to be in. You might also want to check out this page for another variant of this phish.

Jovi Umawing (Thanks to Wendy for spotting this)

Leave a reply





Latest Comments

Social Networks