« Storm (updated)
Corporate Individual Responsibility »

Phishing attacks

I guess not everyone might know about phishing attacks. I wanted to explain with a good example for sometime, and I got one this morning:

Here’s the first screenshot, a mailer which says due to invalid login attempts my Axis Bank Net Banking account has been temporarily restricted and limited.

Mailer

Removing the restriction is simple, all I need to do is click on the link, go to the URL, enter my user ID and password and be done with it.

Everything looked genuine, till I saw the URL:
http://flachmotor.de/testshop/root/index.php?bank=www.axisbank.com

Why should a German site be so concerned about my online banking restrictions??

Here’s the fake version screenshot:
Fake Net Banking login page.

Here’s the actual AXIS BANK Net Banking page screenshot:
original-axisbank-netbanking.jpg

Very hard to tell the difference except for the missing verisign logo, and the warning message in RED.
I do not think many would actually read it. People tend to ignore the text so long as they see the open text fields to enter their details. Overall, a very professional phishing attempt.

Just for those who did not get the message till now, DON’T EVER CLICK THOSE MAILERS AND START ENTERING YOUR NET BANKING USER IDS AND PASSWORDS. It’s as good as sharing your user ID and passwords with the whole world.

This entry was posted on Thursday, September 18th, 2008 at 9:29 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Phishing attacks”

  1. Nirenjan Says:
    September 18th, 2008 at 11:34 pm

    I thought Firefox might report it as an attack site, but apparently, no such luck. It probably hasn’t made it to the blacklists.

    I went into the site and gave a random fake ID and password, with it telling me “We have detected a problem with your account” and proceeding to ask me for my ATM/Debit card, transaction password and e-mail.

    As you said, the site looks almost exactly like the original. Also, the URL is also accessed using plain HTTP, not the secured HTTPS. So I think that should also be a point for people to check.

  2. Swaminathan Moorthy Says:
    September 19th, 2008 at 4:01 am

    Even I got this mail. But the fact is that I do not have an AXIS Bank Account :)

  3. prabukarthik Says:
    September 20th, 2008 at 11:14 am

    Nirenjan

    I guess a good percentage of people who use net in India are not tech savvy, and that number is only going to increase in the days to come with more broadband penetration etc. I guess such issues will get all the more common place.

    I myself do not know all the stuff that you’ve tried and commented. Thanks for this :0

  4. prabukarthik Says:
    September 20th, 2008 at 11:15 am

    Swami

    Sending mails to thousand IDs, and getting at least 10 ppl to enter their credentials will be worth the effort for those who indulge in this :)

Leave a Reply