Wednesday, February 11, 2009

AXIS Bank Phishing2...Be Careful !

Don't be surprised if you get a mail from AXIS bank (in fact not from AXIS bank but from a malicious user) saying "MPORTANT NOTICE: Update Your Axis Bank Ltd® Net Banking Details" (this is the subject). Notice the missing "I" in the word IMPORTANT in the subject. Most people might end up reading "MPORTANT" as "IMPORTANT".
The mail looks like
Clicking "Update Your NetBanking Account" will redirect us to
http://axisaccountsummary.t35.com/axisbank.co.in/RetailSignOn.htm
which looks like

Write anything in the "Login ID" and "Password" text boxes and click the "Submit" tab without selecting the radio buttons; this will redirect us to
http://axisaccountsummary.t35.com/axisbank.co.in/authenticate.php
The authenticate.php page looks like

On this page we find "Download" and "Click Here" hyperlinks; clicking them will redirect to
https://www.axisbank.co.in/BankAway/(b5zbwu55bnaszw55d2iyuz55)/web/L001/retail/jsp/user/%5Cdownload%5Ciconnectform.pdf
https://www.axisbank.co.in/BankAway/(b5zbwu55bnaszw55d2iyuz55)/web/L001/retail/jsp/user/%5Cdownload%5Cicoftfform.pdf
respectively. The above URLs, which point to the real website, use HTTPS requests to get the resource, and we can see the Phishing filter (lock symbol) at the bottom left, but we get a "The page cannot be found" error while downloading the PDFs.
Enter any arbitrary data into "ATM Card No.", "ATM Pin No." and "Transaction Password" and click the "Continue" tab, which will redirect to
http://christkingdomorphanage.org/idbi2/accountsummary.php
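
The walkthrough above can be turned into a simple link check. The following Python is an added example, not code from the original post; it assumes axisbank.co.in (the domain of the genuine HTTPS links quoted above) is the bank's real domain, and the tag names and the .example URL are made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain, taken from the HTTPS links in the
# post that point to the real website.
BRAND_DOMAIN = "axisbank.co.in"

def host_is_brand(host, brand=BRAND_DOMAIN):
    """True only if host is the brand domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_url(url, brand=BRAND_DOMAIN):
    """Return tags explaining why url should not be trusted as the bank's."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    label = brand.split(".")[0]          # "axisbank"
    tags = []
    if not host_is_brand(host, brand):
        tags.append("foreign-host")
        # The brand name in these places does not decide who serves the page.
        if label in host:
            tags.append("brand-in-host")
        if brand in path:
            tags.append("brand-in-path")
    if parts.scheme != "https":
        tags.append("no-https")
    return tags

def hosts_in_flow(urls):
    """Distinct hosts in visit order; shows where submitted data travels."""
    seen = []
    for url in urls:
        host = urlsplit(url).hostname
        if host not in seen:
            seen.append(host)
    return seen

# URLs quoted in the post, in the order the walkthrough reaches them.
FLOW = [
    "http://axisaccountsummary.t35.com/axisbank.co.in/RetailSignOn.htm",
    "http://axisaccountsummary.t35.com/axisbank.co.in/authenticate.php",
    "http://christkingdomorphanage.org/idbi2/accountsummary.php",
]
# Constructed sample (not from the post): brand used as a leading host label.
CONSTRUCTED = "http://axisbank.co.in.login.example/RetailSignOn.htm"

if __name__ == "__main__":
    for u in FLOW + [CONSTRUCTED]:
        print(check_url(u), u)
    print(hosts_in_flow(FLOW))
```

The host is the only part of the URL that decides who receives the form data; the "axisbank.co.in" in the path of the first two URLs is just a folder name on t35.com.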

I browsed to the Contact Us page (http://www.christkingdomorphanage.org/contactus.php) where the address is mentioned as
CHRIST KINGDOM ORPHANAGE HOME
UMUEZEALAKPA ALAENYI
OGWA, MBAITOLI LGA,
IMO STATE, NIGERIA
p: (+234) 8033738658
e: info@christkingdomorphanage.org
w: http://www.christkingdomorphanage.org/

Well, this might be the phishing mail originating from Nigeria, most probably.

Safe Surfing...Enjoy!!!