NEWS FROM THE LAB - Thursday, March 10, 2011

Plenty of Phish in the Cloud Posted by Response @ 08:41 GMT

We've stumbled upon another phishing attempt. This time it was targeted towards Maybank's (one of the main banks in Malaysia) "lucky" customers. The typical method is implemented, i.e., pretending to be someone of authority and then requesting the customers to verify their account, and even reminding them to include the Transaction Authorization Code as well.

Maybank phishing

Further investigation revealed that this e-mail is originated from a spam server, and that's all we could find. Every other track has been carefully hidden.

While phishing attempts are not something new, phishing activities around developing countries seem to be on the rise recently. Have the groups responsible for the earlier activities shifted their focus to a new market? Perhaps they realized that phishy links have better chance to slip through and escape from being detected if they are localized. Add that with the fact that customers in the area are probably only recently acquainted with online banking, thus, could easily fall prey to sophisticated social engineering method.

Whatever the reason is, those scammers only have one intention — to get hold of valuable information that translates to financial gain. Tools such as our free Browsing Protection portal can help to protect users from going to dangerous sites, but the best practice is to take charge of one's own safety. Users need to be aware of the tricks usually implemented by those with ill intention to avoid falling into the trap.