Phishing emails are probably one of the most widely used methods of luring users into downloading malware or of extracting important information from unsuspecting users. If you pay attention, you will notice that these attacks are becoming more specific in nature. Extra care and attention are going into making them realistic and harder to spot.
The most recent phishing attempt comes in the form of an ICICI bank update form which reads as:
‘It is strongly recommended that you update your account. There are series of issues about misuse and theft of account informations. We have recently update our security server to enhance your online security and protect our customers from online fraud.’
Do note the usage of incorrect grammar, which has been highlighted in the image above. This in itself should make you think twice before clicking on the embedded links. Having said that, the link leads to a page such as this,
where the user is asked to select the account type, which could be either a Personal or a Corporate account. Both, however, lead to similar pages with minuscule changes, their purpose remaining the same.
Personal:
Corporate:
Here is what the page looks like once the user chooses ‘Personal Account’:
The coding is extremely simple, as it only logs whatever is entered into the text boxes. There are absolutely no hyperlinks or links connected to this page. They haven’t even made the effort to enable the Virtual Keyboard.
Entering all details then leads to a page like the one shown below. This is basically a transaction grid that ICICI uses when processing a live transaction. However, the live process asks for 4 random position grids. This, on the other hand, asks for all!!
The next step asks the user to enter his/her personal details. The attacker has obviously thought of everything with regard to gaining a user’s transaction details. Nevertheless, it is poorly written code, if I must say so.
Once all the necessary proceedings are done with, the user is redirected to the official page of ICICI bank. How convenient!!
But where does all the information go? Well, on breaking into the code we found two email IDs linked: kumarsinghimpexltd@gmail.com and spectrumflames@yahoo.co.jp
Here are a few tips that will help you recognize a phishing mail:
- Grammatical errors: 98% of the time there will be errors in the way a sentence is formed. Look into it.
- Banks will never ask for details such as the Password, Debit/Credit Card number, CVV or ATM PIN, unless you are carrying out a transaction and there is a need to log in.
- The ICICI transaction grid consists of only 4 blocks and not all 16. If you are ever asked for all 16 grids, we suggest you close the window and report whatever you have submitted prior to this to your nearest ICICI branch.
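The traits described above (a password form on a page with no links, a request for all 16 grid cells, and requests for card, CVV and PIN details) can be checked mechanically on a saved copy of a suspicious page. The following is an added example, not code from the original post; the `grid` input-name prefix, the field names and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

LIVE_GRID_CELLS = 4                  # per the post: a live transaction asks for 4 grid positions
SENSITIVE = {"cvv", "pin", "card"}   # details the post says banks do not ask for this way

class PageTraits(HTMLParser):
    """Counts the traits the write-up observed on the fake pages."""
    def __init__(self):
        super().__init__()
        self.links = self.passwords = self.grid_cells = 0
        self.sensitive = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href", "").strip() not in ("", "#"):
            self.links += 1
        if tag != "input":
            return
        name = a.get("name", "").lower()
        if a.get("type", "").lower() == "password":
            self.passwords += 1
        if name.startswith("grid"):  # assumed naming convention for grid inputs
            self.grid_cells += 1
        # Match whole tokens so that e.g. "shipping" does not count as "pin".
        self.sensitive |= SENSITIVE & set(re.split(r"[^a-z0-9]+", name))

def assess(html):
    """Return a list of findings for one saved page."""
    t = PageTraits()
    t.feed(html)
    findings = []
    if t.passwords and t.links == 0:
        findings.append("password form on a page with no links")
    if t.grid_cells > LIVE_GRID_CELLS:
        findings.append(f"asks for {t.grid_cells} grid cells, live flow asks for {LIVE_GRID_CELLS}")
    if t.sensitive:
        findings.append("asks for: " + ", ".join(sorted(t.sensitive)))
    return findings

# Constructed samples (not the real pages): one shaped like the fake form, one benign.
FAKE = ('<form method="post"><input name="user_id"><input type="password" name="login_pwd">'
        + "".join(f'<input name="grid_{c}">' for c in "ABCDEFGHIJKLMNOP")
        + '<input name="card_number"><input name="cvv"><input name="atm_pin"></form>')
BENIGN = ('<a href="/help">Help</a><form><input name="user_id">'
          '<input type="password" name="login_pwd">'
          + "".join(f'<input name="grid_{c}">' for c in "CFKM") + "</form>")

if __name__ == "__main__":
    for label, page in (("fake", FAKE), ("benign", BENIGN)):
        print(label, assess(page))
```

A finding here is a reason to look closer, not a verdict: the checks only encode the traits seen in this campaign.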
One Comment
www
Spot on with this write-up, I absolutely believe this site needs a lot more attention.
I’ll probably be returning to read more, thanks for the advice!