For the past few weeks we have been observing an increase in phishing operations related to 41 Indian banks. This is the largest phishing scam being hosted on a single server, for the sole reason that all Indian banks have been targeted.
Before I move ahead with the analysis, here is a small preview of what is being served.
Proof:
https://www.phishtank.com/phish_detail.php?phish_id=1642217
https://www.phishtank.com/phish_detail.php?phish_id=1642216
https://www.phishtank.com/phish_detail.php?phish_id=1642215
A screenshot of the landing page:
Screenshots of a few randomly selected banks:
Corporation Bank
Allahabad Bank
ICICI Bank
The content of the emails received by the victims ranges from password change notifications to insufficient account balance.
Analysis:
It is rare to come across an ongoing campaign that targets 41 banks in one go. Normally, we observe that a web server is hacked and a phishing site is uploaded to it. A phishing campaign uploaded this way targets only a select few.
A hacked server will host either PayPal, CitiBank, ICICI, Barclays, etc., but not multiple sites.
A few such examples:
https://www.phishtank.com/phish_detail.php?phish_id=1642247
Hacked Site: worldfoodshop.net
Serving Phish for: Allied Bank
Any other Phishing Site Found on this server: No
https://www.phishtank.com/phish_detail.php?phish_id=1642254
Hacked Site: www.chisto.ru
Serving Phish for: PayPal
Any other Phishing Site Found on this server: No
https://www.phishtank.com/phish_detail.php?phish_id=1642253
Hacked Site: avto.reg50.ru
Serving Phish for: PayPal
Any other Phishing Site Found on this server: No
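The contrast drawn above (one impersonated brand per hacked host versus one server impersonating many banks) can be checked on any phishing feed by counting distinct brands per host. The following is an added example, not part of the original post; the feed records are constructed, and `multi-bank.example` is a placeholder because the post does not name the campaign's server.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed: (phishing URL, impersonated brand). The first three
# hosts and brands are the single-brand examples listed in the post; the
# "multi-bank.example" host is a placeholder, since the post does not name
# the server behind the 41-bank campaign.
SAMPLE_FEED = [
    ("http://worldfoodshop.net/", "Allied Bank"),
    ("http://www.chisto.ru/", "PayPal"),
    ("http://avto.reg50.ru/", "PayPal"),
    ("http://multi-bank.example/corp/", "Corporation Bank"),
    ("http://multi-bank.example/alb/", "Allahabad Bank"),
    ("HTTP://Multi-Bank.example/icici/", "ICICI Bank"),
    ("multi-bank.example/icici/login", "ICICI Bank"),  # no scheme, repeat brand
]


def host_of(url):
    """Return the lower-cased hostname, tolerating entries without a scheme."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower()


def brands_per_host(feed):
    """Map each host to the set of distinct brands it impersonates."""
    hosts = defaultdict(set)
    for url, brand in feed:
        host = host_of(url)
        if host:  # skip entries with no parsable host
            hosts[host].add(brand.strip().casefold())
    return hosts


def multi_brand_hosts(feed, min_brands=3):
    """Hosts impersonating at least min_brands brands, busiest first."""
    counts = {h: len(b) for h, b in brands_per_host(feed).items()}
    flagged = [(h, n) for h, n in counts.items() if n >= min_brands]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for host, n in multi_brand_hosts(SAMPLE_FEED):
        print(f"{host}: {n} distinct brands")
```

Grouping by hostname is only a proxy for "single server"; grouping by resolved IP address would also catch one server hiding behind several names.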
This ongoing RBI phishing campaign is a bleak reminder of the days to come, especially with the festive season just around the corner, when all of us will be gleefully shopping and conducting banking transactions, which makes most of us prone to mistakes.
Stay Alert, Bank Safe and never forget to update your AVs.