The Latest in IT Security

Is that URL for real?

20 Sep 2011

Here’s a fairly standard bank phishing email, targeting a bank in India:

Reserve Bank of India phishing

Nice touch with that “Beware of Phishing” warning…

Let’s look at the attached HTML file:

Reserve Bank of India phishing

You have got to be kidding me. The page redirects to
http://amen.fr.softms.com.netwayexchange.com.liberty-textiles.org.v2nmobile.com.manchesteraircooled.com.blackcountrymortgages.com.cardiorenew-europe.com.solhosts.com.giveupthecigs.com.extravite.com.taxrepay.co.uk? That hostname can’t possibly work…

Except it does.

Reserve Bank of India phishing

The redirection goes to reserve.bank.minecraftarena.fr. And the front page of minecraftarena.fr shows a fake “account suspended” message. Nice touch.
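To see which domain such a hostname really belongs to, this added example (not part of the original post) splits the two URLs quoted above into the registrable domain and the subdomain labels stacked in front of it, then counts how many of those labels look like TLDs. The suffix set and the `MAX_EMBEDDED` threshold are assumptions chosen for this page; real tooling should load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked subset of public suffixes, enough for the
# hostnames on this page. Real tooling should load the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "fr", "uk", "co.uk"}
MAX_EMBEDDED = 1  # hypothetical threshold for flagging a hostname

# Both URLs are the ones quoted in the article.
ATTACHMENT_URL = (
    "http://amen.fr.softms.com.netwayexchange.com.liberty-textiles.org"
    ".v2nmobile.com.manchesteraircooled.com.blackcountrymortgages.com"
    ".cardiorenew-europe.com.solhosts.com.giveupthecigs.com.extravite.com"
    ".taxrepay.co.uk"
)
LANDING_URL = "http://reserve.bank.minecraftarena.fr"


def registrable_domain(host):
    """Return (registrable domain, subdomain labels) for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    # Scan left to right so the longest matching suffix (co.uk before uk) wins.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]), labels[:i - 1]
    return None, labels  # suffix not in our subset


def analyze(url):
    """Summarise who owns the hostname and how much decoration precedes it."""
    host = urlsplit(url).hostname or ""
    domain, sub = registrable_domain(host)
    # Subdomain labels that are themselves TLDs mean other domain names
    # were pasted in front of the one that actually controls resolution.
    embedded = [label for label in sub if label in PUBLIC_SUFFIXES]
    return {
        "registrable_domain": domain,
        "subdomain_labels": len(sub),
        "embedded_suffix_labels": len(embedded),
        "suspicious": len(embedded) > MAX_EMBEDDED,
    }


if __name__ == "__main__":
    for url in (ATTACHMENT_URL, LANDING_URL):
        print(analyze(url))
```

The attachment's hostname reduces to `taxrepay.co.uk` with 22 subdomain labels in front of it. The landing hostname is not flagged by this heuristic, but its registrable domain is `minecraftarena.fr`, with the bank-sounding words sitting in subdomain labels.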

The phishing page looks like this:

Reserve Bank of India phishing

The ultimate goal of the attack is to collect bank logins and credit card numbers:

Reserve Bank of India phishing

Thanks to Ravikiran for help.
