Phishing Malware Strikes One of the Largest Private Banks in India

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.


This article was posted on Wednesday, 16:33, UTC.

Comodo Threat Research Labs, a provider of computer software and SSL digital certificates, based in Clifton, N.J., has discovered a malware attack targeting ICICI Bank, a multinational bank based in Mumbai, Maharashtra, India. The bank has more than 4,000 branches and 13,000 ATMs in India.


Fake emails disguised as official bank notices ask recipients to update their banking details and say the update is mandatory. The sender is [email protected], which appears legitimate at first glance, but the domain name is not connected to the bank.


The fraud page on the bank’s website urges customers to report emails that claim to be from the bank and concern sensitive information such as account number, PIN or password by forwarding the email to [email protected].

Email Seeks Personal Data

Within the phishing email itself, the attackers ask the victims to click on a mandatory hyperlink to fill in personal and professional information. When the victim clicks the link, they arrive at a landing page where they can choose to update personal or corporate information. Either of these will take the victim to a new landing page where they are asked to confirm information such as password, transaction password, user ID, debit card number, email password and debit card number.

People receiving the email should make sure to look at the URL of the site asking for the information, Comodo noted in a blog. The hosting site is not affiliated with the bank. It is: www.gomiapp.com/rajesh/images/patterns/icici/.
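The URL check described above can be automated. The following is an added example, not code from Comodo or the bank: it assumes `icicibank.com` is the bank's official domain (the article does not state it), and the names `OFFICIAL_DOMAINS`, `BRAND_TOKENS` and `classify` are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the bank's official domain; the article does not state it.
OFFICIAL_DOMAINS = {"icicibank.com"}
# Brand strings a lookalike URL tends to embed (hypothetical list).
BRAND_TOKENS = {"icici"}


def hostname(url: str) -> str:
    """Lowercased host of a URL, tolerating URLs written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(host: str) -> bool:
    """True only for an official domain or a genuine subdomain of one.

    Matching on the leading dot stops 'noticicibank.com' from passing, and
    suffix (not substring) matching stops 'icicibank.com.example.net'.
    """
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url: str) -> str:
    """Return 'official', 'brand-on-foreign-host' or 'unrelated'."""
    if is_official(hostname(url)):
        return "official"
    # The brand may sit in the path, a subdomain or the userinfo part,
    # so search the whole URL rather than the host alone.
    if any(token in url.lower() for token in BRAND_TOKENS):
        return "brand-on-foreign-host"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "www.gomiapp.com/rajesh/images/patterns/icici/",  # URL from the article
        "https://www.icicibank.com/login",                # constructed
        "https://icicibank.com.example.net/update",       # constructed
        "https://www.icicibank.com@example.net/",         # constructed
    ]
    for s in samples:
        print(f"{classify(s):22} {s}")
```

The check does not decode internationalized (punycode) hostnames, so homoglyph lookalikes need a separate normalization step.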

The Comodo team identified the ICICI phishing email through domain, IP, URL and image analysis. The team notified ICICI of its findings.

“Through our specific IP and URL analysis – as well as the Comodo Threat Research Labs’ continuous monitoring and scanning of data from the users of Comodo’s security systems, our team was able to identify this specific phishing email scam and alert the public to it,” noted Fatih Orhan, director of technology for Comodo and the Comodo Threat Research Labs. “As a company, we work diligently to create innovative technology solutions that stay a step ahead of the cybercriminals and keep enterprises and IT environments safe.”

Ducking Phishing Scams

Customers receiving such emails should never provide this information in response, ICICI noted on its website.

Customers who notice an unofficial ICICI Bank website should advise the bank in writing at [email protected] and call customer care or visit customer service.

Comodo, in another blog, noted that ransomware attacks are increasing. John Peterson, Comodo’s vice president of enterprise products and product marketing, said Comodo’s containment model allows unknown files to run in a protected environment until they are determined to be good. At that point they are released; if they are instead determined to be malware, they are removed from the system.


Comments
    AUTHOR ICICI Cares

    Posted on 5:57 am February 25, 2016.

    ICICI Bank has a robust and multi-level security system for all its banking channels including our internet banking to safeguard our customers from fraudulent attacks including phishing.

    The phishing page which was hosted on the third party website does not exist and hence, it does not pose any threat to our customers. In addition, we have a proactive monitoring process to detect such phishing page/site, which are immediately brought down. In order to expand the vigilance, we even request our customers to bring to our notice as and when they come across any such phishing site. ICICI Bank never asks personal, account or financial information from our customers via e-mail or by directing them to a link online. On an ongoing basis the Bank advises its customers to not reveal their details to anyone. Readers and customers are requested to forward such e-mails to [email protected] along with your contact details.
