Hello SM,
On Tue, Mar 3, 2015 at 4:41 PM, S Moonesamy <sm+mu_at_elandsys.com> wrote:
>
>
> It would help home users understand what the Mauritian National Computer
> Security Incident Response Team (CERT-MU) is doing to ensure their computer
> security if there was some public information available. Could the
> Mauritian National Computer Security Incident Response Team share some
> information about how it handled this incident?
>
The last time I received a reply from the Mauritius Commercial Bank, they
said
:
*Rest assure that all possible steps are taken to promptly ban the
fraudulent domains and to inform our customers not to respond to these
fraudulent attempts.*
However, I did not receive any "info" on behalf the bank letting me (as a
customer) know of the situation. There is a short notice on MCB Internet
Banking page right under the "Sign in" button that reads as follows :
*MCB will never ask you for your Internet Banking credentials under any
other circumstance.*
**The line is ambiguous and and does not really inform people of the
actual situation. I asked several Internet users if they understood what is
meant by the above line, they did not relate it to the actual phishing
attacks. I believe there is a lack of security awareness while at the same
time more people are encouraged to subscribe to Internet & Mobile banking.
A few days ago, I received a reply from another affected bank and I was
told that CERT-MU has been informed and a general alert was sent out to its
constituency. The following page[1] describes CERT-MU's constituency. It
includes home users. I subscribed to CERT-MU's mailing list only two days
ago. I haven't received any confirmation to my subscription yet. Therefore,
I cannot say if any advisory/general alert has been sent out or not. I'll
wait for the next alert to be released, hoping that I am subscribed to the
mailing list.
I sent an email to senaprasit.ac.th, which seems to be an academic
institution in Thailand, and informed them their web host has been
compromised[2] and hosting malicious webpages.
[1]
http://cert-mu.govmu.org/English/About_CERT-MU/Pages/Constituency.aspx
[2]
http://hacklog.in/wp-content/uploads/2015/03/senaprasit-compromised.png
Regards,
Ish Sookun
*- Geek by birth, Linux by choice.*
* +-+-+-+-+-+-+-+-+-+-+*
* |H|A|C|K|L|O|G|.|i|n|*
* +-+-+-+-+-+-+-+-+-+-+ *
*
https://twitter.com/IshSookun <
https://twitter.com/IshSookun> ^^ Do you
tweet?*
Received on Tue Mar 03 2015 - 13:35:18 PST
