Bkis' malware monitoring system recently detects a new wave of attacks targeting the customers of Bank of India.
Bad guys fake the Bank of India to send mails to customers with content about online banking system upgrading, detail is as followed:
Bad guys will trick users into clicking the embedded link in the email leading to a website with the interface similar to that of the genuine site. The account information of users will be stolen as soon as they type in the information at this fake site.
If users do not pay attention to the domain name on the address bar, it would be really difficult for them to distinguish the fake and real websites.
Genuine website. Can you distinguish the two websites?
One more noticeable point is that: there is one warning about “Phishing attacks and Vishing attacks” right on the fake website :). The bad guys manage to built an almost-identical website, even including this feature. It is likely that Bank of India has also been aware of the attacks and is trying to warn its clients.
These fake websites have variable domain names and is in no way related to banking. In some other similar phishing attacks, bad guys often create domain names similar to the real websites, which makes it easier to fool users. In this case, there is a high possibility that the hackers have hacked some web server then taken advantage of the server to build phishing sites.
Analyst: Toan Duc