Hi Ish,
At 23:10 28-02-2015, Ish Sookun wrote:
>Hotlinking bank logo as well as other elements makes it easier for
>phishing attackers to use those and create fake pages. Those fake
>pages could as well be created by downloading the images & hosted on
>the same server as the fake page. Nevertheless, hotlinking makes
>this step one level easier.
>
>Though might sound insignificant in this age but loading resources
>from the banks server would put the bandwidth load on the bank
>itself. Does the bank have to cater for phishing attacker needs :-)
>I don't think so.
The following is a logo from a bank:
https://www.hsbc.co.mu/P2G_Themes_Skins/themes/html/hsbc_pws_popup/images/logo.gif
You can save the (logo) image by right clicking on it and choosing
"Save". The image can be reused in one of those fake web pages. You
implemented a security measure which is trivial to bypass. :-)
Loading the image from the bank web site is not the problem. The
problem is that there is a phishing attack and you should stop it as
quickly as possible.
>I received a reply from ABC Banking Corporation notifying me that
>they have alerted CERT-MU & the latter released a general alert to
>their constituency[1]. The said constituency includes "home users"
>but I don't know of any such "alert" being released. Since, I am not
>in the CERT-MU ML, I can't say if an alert was sent out. I
>subscribed to CERT-MU ML last night after having asked them to
>update subscription information on their page[2] a few days ago.
There isn't any alert at the cert-mu web site. Shouldn't that alert
be available to the bank customers? I doubt that there are a of bank
customers which are part of that "constituency".
>In the case of the MCB phishing attempt, the "From:" field showed
>the email source as _at_<http://mcb.mu>mcb.mu while the one concerning
>ABC Banking did not.
The word "safe" is displayed in the "MCB" screenshot. There is a
warning message for the ABC Banking Corporation email (
http://hacklog.in/wp-content/uploads/2015/02/abc-banking-corporation-phishing.png
).
Regards,
S. Moonesamy
Received on Sun Mar 01 2015 - 08:04:43 PST
