The latest candidate to join the league of famous Banks who allowed their domain name to be phishing-friendly is SBI Mauritius.
Today an email was dropped in my spambox as follows:
Dissecting the email header showed the source being a VPS from deployis.eu, a hosting provider.
Received-SPF: none (google.com: firstname.lastname@example.org does not designate permitted sender hosts) client-ip=xx.x.124.26;
spf=none (google.com: email@example.com does not designate permitted sender hosts) firstname.lastname@example.org
Received: by vps026.deployis.eu (Postfix, from userid 33)
id 531FD3A844; Thu, 2 Apr 2015 11:24:05 +0200 (CEST)
Date: Thu, 2 Apr 2015 11:24:05 +0200
From: =?UTF-8?Q?SBI_Mauritius?= <email@example.com>
The VIEW YOUR MESSAGE link opens up a page that appears identical to an “online banking login page” that pretends to be SBI Mauritius.
However, the real SBI online banking page looks different than the above. It is hosted under www.onlinesbiglobal.com which is a centralized online banking facility for SBI Worldwide.
Previously, we saw phishing attacks using the domain name of MCB Ltd, Bank One, ABC Banking Corporation and the Public Service Commission of Mauritius.