Very recently we came across a phishing site which emulates RBI and steals the login credentials of RBI users. However, it seems like a spear-phishing attack targeting the users of a specific bank.
The perpetrators have taken the efforts of not just registering the domain rbin-org[.]in, but have also cloned the entire RBI site up-to the first level of the available links. In previous instances we have observed RBI phishing attacks which try to emulate the login panels of almost all the existing banks . This seems to be different as its not targeting the normal Banking Users at large but is targeting specific users.
It is also to be noted the the fake site doesn’t have a SSL Certificate, however even RBI’s official website has a broken SSL Certificate.
The Phishing Site
We at eScan invest our resources to come up with algorithms which weed out the human factor and try to merge the human intelligence with heuristic , computer assisted algorithms. The first one being Smart Phishing Filter or SURL , about which we have written a great detail with live examples about the success of it. SMART Phishing Filter / SURL detects these phishing links with accuracy.
The other experimental algorithm is the Doppelganger Domain Detection, which is more about the detection of typo-error type domains which most of the time fail to get detected at all levels.
The results of both the algorithms have been shown in their raw format.
SMART Phishing Filter
Readers may choose to read more about SURL / SMART Phishing Filter and Doppelganger Domain Detection over here.
Doppelganger Domain Detection