RBI Phishing

Very recently we came across a phishing site that impersonates RBI and steals the login credentials of RBI users. It appears, however, to be a spear-phishing attack targeting the users of a specific bank.

The perpetrators have not just registered the domain rbin-org[.]in but have also cloned the entire RBI site up to the first level of the available links. In previous instances we have observed RBI phishing attacks that try to emulate the login panels of almost all the existing banks. This one seems different, as it is not targeting normal banking users at large but specific users.

It should also be noted that the fake site doesn’t have an SSL certificate; however, even RBI’s official website has a broken SSL certificate.

Website Security certificate
General Details RBI one

The Phishing Site


Detection Algorithms

We at eScan invest our resources in algorithms which weed out the human factor and try to merge human intelligence with heuristic, computer-assisted algorithms. The first is the Smart Phishing Filter, or SURL, about which we have written in great detail, with live examples of its success. SMART Phishing Filter / SURL detects these phishing links with accuracy.

The other, experimental algorithm is Doppelganger Domain Detection, which is about detecting typo-style domains, which most of the time fail to get detected at all levels.

The results of both algorithms are shown in their raw format.

SMART Phishing Filter
Domain Effect
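
The following is an added illustration of typo-domain matching applied to the domain from this post; it is not eScan's Doppelganger Domain Detection algorithm, which the post does not publish. Assumptions: a watchlist holding RBI's real domain rbi.org.in, a distance threshold of 2, and all function names.

```python
import re

# Assumption: watchlist of legitimate domains to protect.
PROTECTED = ["rbi.org.in"]

def refang(domain):
    """Undo defanging such as rbin-org[.]in and lowercase the result."""
    return domain.replace("[.]", ".").strip().lower()

def skeleton(domain):
    """Drop dots and hyphens so separator swaps do not hide a match."""
    return re.sub(r"[.\-]", "", domain)

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "rib" typed for "rbi".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def check_domain(candidate, protected=PROTECTED, max_distance=2):
    """Return (protected_domain, distance) for a look-alike, else None."""
    cand = refang(candidate)
    for legit in protected:
        if cand == legit or cand.endswith("." + legit):
            return None  # the real domain or one of its subdomains
        dist = edit_distance(skeleton(cand), skeleton(legit))
        # Assumed threshold; very short protected names need a lower one.
        if dist <= max_distance:
            return (legit, dist)
    return None

if __name__ == "__main__":
    # Constructed sample input: the post's domain plus benign controls.
    for d in ["rbin-org[.]in", "www.rbi.org.in", "example.com"]:
        print(d, "->", check_domain(d))
```

Comparing separator-free skeletons is what catches this case: the hyphen-for-dot swap disappears, leaving only the single inserted "n".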

Readers can read more about SURL / SMART Phishing Filter and Doppelganger Domain Detection in the following posts:


Statistical URL Analyzer

MalwareMustDie – BH EK version 2

SURL Analyzer – to Believe or not

CitiBank – A Phishing attempt

Statistical URL Analyzer – with MetaSploit

Statistical URL Analyzer – with MetaSploit and SET

SURL – Tweets and Phishing

eScan-14: Dynamic Phishing Filter

Phishing – Blocked by htaccess

Facebook – RedirectURL Phishing Attack

India Phishing Inc.

Phishing: Customer Satisfaction Survey

Doppelganger Domain Detection

BEC – Business Email Compromise
