MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010
MA-228.042010: MyCERT Advisory - Phishing Attempts Targeting Public Bank Malaysia Users

Published date: 2010-04-23

1.0 Introduction

MyCERT has observed a surge in attempts to steal credentials of Public Bank users in the past few weeks. The 'phishers' will normally send an email containing a URL or link to the fake website that looks like the bank's website. The ultimate goal of the phishers is to obtain the credentials of the users such as username, password and the transaction code when unsuspecting users log into the fake website.

From 24th March 2010 to 22nd April 2010, MyCERT handled 55 unique phishing sites targeting clients of Public Bank. We have also observed that, on a few occasions, the criminals used Bahasa Malaysia for both phishing emails and domain names.

2.0 Technical Analysis

2.1 Phishing Emails

The first part of the targeted phishing attack takes the form of mass-mailed email. The following are some of the email subjects used by the criminals.
  • You have one new message from Public Bank Berhad
  • Account PBeBank dikunci kerana beberapa masalah dalaman (English: "PBeBank account locked because of some internal problems")
  • Berhad Public Bank - Account access has been limited !
  • Berhad Public Bank - Your account has been suspended!
  • Akaun anda telah dikunci (English: "Your account has been locked")
  • ** Error in your information on file with us **
  • PBeBank Security Measures, Code: TXEIWEDCPT
  • Confirm Your Identity
  • Account security update information required !
  • Your Public Bank account has been deactivated
  • Your PBEbank account has been locked
2.2 Phishing Email content

The following are some of the examples of the Phishing emails and sites:

============Example Content 1==========

Public Bank Berhad temporarily suspended your account.We need you to complete an account update so we can unlock your account.

To start the update process, please Login to your account and follow the steps.

© 2010 Public Bank Berhad All rights reserved.

======================================

============Example Screenshot 1===========



======================================

============Example Content 2===========

For security reasons, your Public-Bank account has been blocked due to inactivity or because of too many failed login attempts.

Please Click Here to restore your account access. We look forward to serve you better !

2010 Public Bank Berhad

=======================================

============Example Screenshot 2===========



=========================================

==============Example Content 3 ==========

Public Bank Internet Banking anda telah dinyahdayakan kerana tidak aktif. Untuk mengaktifkan semula anda Internet Banking, anda perlu mengesahkan nombor telefon anda. Sila ikuti langkah berikut:
  • Kunjungi website kami di

    hxxp://adsl-68-21-83-141.dsl.ipltin.ameritech.net/public/

  • Masuk ke Internet Banking dengan menggunakan ID Pengguna dan Password.
  • Sahkan nombor telefon anda dengan memasukkan PAC (PBeBank Kod Pengesahan) yang anda terima.
  • Setelah pengesahan akaun anda, log out. mengakses akaun anda akan dikembalikan.
  • Sila tunggu antara 1-2 jam untuk perkhidmatan profil pengguna perlu mengaktifkan semula.

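  • Terima kasih telah menggunakan PBE Public Bank.

English translation of the above email:

Your Public Bank Internet Banking has been disabled due to inactivity. To reactivate your Internet Banking, you need to verify your telephone number. Please follow these steps:
  • Visit our website at

    hxxp://adsl-68-21-83-141.dsl.ipltin.ameritech.net/public/

  • Log in to Internet Banking using your User ID and Password.
  • Verify your telephone number by entering the PAC (PBeBank Verification Code) that you receive.
  • After your account is verified, log out. Access to your account will be restored.
  • Please allow 1-2 hours for the user profile service to be reactivated.

  • Thank you for using PBE Public Bank.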

Copyright © 2010 Public Bank (6463-H) All Rights Reserved

============================================

==============Example Screenshot 3 ==========



============================================

2.3 Phishing sites

In most cases, the criminals will register a new domain name. There were some instances where the phishing sites were hosted on a compromised web server. The URLs of the phishing sites that have been handled by MyCERT are listed in section 5.0.
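The indicators in sections 2.1 to 2.3 can be turned into a simple mail triage check. The following is an added example, not MyCERT's own tooling: it flags a message whose subject is one of those listed in 2.1, whose links (including defanged hxxp links) point outside the bank's domain, or whose link host name embeds an IP address as in Example Content 3. The domain `bank.example`, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# A few subjects copied from section 2.1 of the advisory.
ADVISORY_SUBJECTS = [
    "You have one new message from Public Bank Berhad",
    "Akaun anda telah dikunci",
    "Your PBEbank account has been locked",
]
# Assumption: placeholder for the bank's genuine domain(s); replace before use.
LEGITIMATE_DOMAINS = {"bank.example"}
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)
# Four numeric groups joined by '.' or '-', as in adsl-68-21-83-141.
EMBEDDED_IP_RE = re.compile(r"(?<!\d)(?:\d{1,3}[.-]){3}\d{1,3}(?!\d)")

def normalise(text):
    """Lower-case, drop punctuation and extra spaces so variants still match."""
    return " ".join(re.sub(r"[^\w\s]", " ", text.lower()).split())

KNOWN_SUBJECTS = {normalise(s) for s in ADVISORY_SUBJECTS}

def link_hosts(body):
    """Host names of every http(s) or defanged hxxp(s) link in the body."""
    urls = (re.sub(r"(?i)^hxxp", "http", u) for u in URL_RE.findall(body))
    return [h.lower() for h in (urlsplit(u).hostname for u in urls) if h]

def is_legitimate(host):
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)

def triage(raw_message):
    """Reasons a single-part text message resembles the emails described above."""
    msg = message_from_string(raw_message)
    reasons = []
    if normalise(msg.get("Subject", "")) in KNOWN_SUBJECTS:
        reasons.append("subject listed in advisory")
    for host in link_hosts(msg.get_payload()):
        if not is_legitimate(host):
            reasons.append("link to non-bank host: " + host)
        if EMBEDDED_IP_RE.search(host):
            reasons.append("host name embeds an IP address: " + host)
    return reasons

# Constructed sample: a subject from 2.1 plus the defanged link from Example Content 3.
SAMPLE = (
    "From: sender@mail.example\nSubject: Akaun anda telah dikunci\n\n"
    "Kunjungi website kami di hxxp://adsl-68-21-83-141.dsl.ipltin.ameritech.net/public/\n"
)
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

An empty result only means none of these three indicators matched; it does not mean the message is genuine.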

3.0 Mitigation

3.1 Banks will never ask users to update accounts, reset passwords, unlock accounts or do anything else related to banking via emails and URLs. If you receive such an email and it appears to come from a bank or any financial institution, you can:
  • Ignore or delete the email
  • Contact the bank for clarification
  • Forward the phishing email to cyber999@cybersecurity.my

If you are a victim:
  • Notify the respective bank for their further action
  • Lodge a police report at the nearby police station, providing the relevant information

3.2 If you're a Firefox user, consider using our experimental antiphishing plugin for the browser. Please visit this URL for more information:
  • https://addons.mozilla.org/en-US/firefox/addon/142878

MyCERT can be contacted via the following channels:

E-mail: mycert@mycert.org.my
Phone: +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT <EMAIL> <REPORT> to 15888
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

4.0 References
  • http://www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/718/index.html
  • http://thestar.com.my/news/story.asp?file=/2010/4/21/focus/6095783&sec=focus
5.0 List of Phishing sites

The following are the URLs of the Public Bank Malaysia phishing sites that have been handled by MyCERT.