Comodo Threat Research Labs, a provider of computer software and SSL digital certificates, based in Clifton, N.J., has discovered a malware attack targeting ICICI Bank, a multinational bank based in Mumbai, Maharashtra, India. The bank has more than 4,000 branches and 13,000 ATMs in India.
Fake emails disguised as official bank notices ask recipients to update their banking details and say the update is mandatory. The sender is [email protected], which appears legitimate at first glance, but the domain name is not connected to the bank.
The bank’s website fraud page urges customers to report emails that claim to be from the bank and ask for sensitive information such as account number, PIN or password by forwarding the email to [email protected].
Email Seeks Personal Data
Within the phishing email itself, the attackers ask the victims to click on a mandatory hyperlink to fill in personal and professional information. When the victim clicks the link, they arrive at a landing page where they can choose to update personal or corporate information. Either choice takes the victim to a new landing page where they are asked to confirm information such as password, transaction password, user ID, debit card number and email password.
People receiving the email should make sure to look at the URL of the site asking for the information, Comodo noted in a blog. The hosting site is not affiliated with the bank. It is: www.gomiapp.com/rajesh/images/patterns/icici/.
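The URL check described above can be automated. The following is an added example, not code from Comodo or ICICI: it flags a link whose hostname is not on the bank's domain list even though the bank's name appears somewhere in the URL, as it does in the path of the address quoted above. `OFFICIAL_DOMAINS`, `BRAND_TOKENS` and the function names are assumptions for illustration, and the allowlist entry should be replaced with the domains the bank itself publishes.

```python
from urllib.parse import urlsplit

# Assumption: domains the bank actually operates (illustrative single entry).
OFFICIAL_DOMAINS = {"icicibank.com"}
# Assumption: brand strings a phisher embeds in a URL to make it look legitimate.
BRAND_TOKENS = {"icici"}


def host_of(url: str) -> str:
    """Return the lowercase hostname, tolerating URLs written without a scheme."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only parses a host when a netloc is present
    # .hostname drops any "user@" prefix and the port, so "bank.com@evil" yields "evil".
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(host: str) -> bool:
    """True for an official domain or a subdomain of one, matched on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url: str) -> str:
    """Label a link as official, brand-impersonation, unrelated or invalid."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # Brand name present in the URL while the host is unrelated to the bank.
    if any(token in url.lower() for token in BRAND_TOKENS):
        return "brand-impersonation"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "www.gomiapp.com/rajesh/images/patterns/icici/",  # URL reported in the article
        "https://www.icicibank.com/",                     # constructed
        "http://icicibank.com.login.example/update",      # constructed
        "https://www.icicibank.com@login.example/",       # constructed
    ]
    for s in samples:
        print(f"{classify(s):20} {s}")
```

Matching on the parsed hostname rather than on the raw string is what catches the last two constructed samples, where the bank's domain appears only as a subdomain prefix or as a userinfo component.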
The Comodo team identified the ICICI phishing email through domain, IP, URL and image analysis. The team notified ICICI of its findings.
“Through our specific IP and URL analysis – as well as the Comodo Threat Research Labs’ continuous monitoring and scanning of data from the users of Comodo’s security systems, our team was able to identify this specific phishing email scam and alert the public to it,” noted Fatih Orhan, director of technology for Comodo and the Comodo Threat Research Labs. “As a company, we work diligently to create innovative technology solutions that stay a step ahead of the cybercriminals and keep enterprises and IT environments safe.”
Ducking Phishing Scams
Customers receiving emails should never provide this information in response to the email, ICICI noted on its website.
Comodo, in another blog, noted that ransomware attacks are increasing. John Peterson, Comodo’s vice president of enterprise products and product marketing, said Comodo’s containment model allows unknown files to run in a protected environment until they are determined to be good. At that point, they are either released or, if determined to be malware, removed from the system.