The latest candidate to join the league of famous banks that allowed their domain name to be phishing-friendly is SBI Mauritius.

Today an email was dropped in my spambox as follows:

[Image: sbi-mauritius-phishing]

Dissecting the email headers showed that the source was a VPS from deployis.eu, a hosting provider.

Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=xx.x.124.26;
Authentication-Results: mx.google.com; spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected]
Received: by vps026.deployis.eu (Postfix, from userid 33) id 531FD3A844; Thu, 2 Apr 2015 11:24:05 +0200 (CEST)
Date: Thu, 2 Apr 2015 11:24:05 +0200
To: [email protected]
From: =?UTF-8?Q?SBI_Mauritius?= <[email protected]>
Subject: =?UTF-8?Q?Dear_SBI_Mauritius_Customer=2cYou_Have_A_New_Message?=
Message-ID: <[email protected]>
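The header analysis described above can be scripted for triage. The following is an added example, not part of the original post: it parses the quoted headers, decodes the RFC 2047 display name and subject, and flags the SPF verdict and the origin host. The function names and the trusted-suffix list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Headers as quoted in the post; redacted values are kept exactly as shown there.
RAW = """\
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=xx.x.124.26;
Authentication-Results: mx.google.com; spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected]
Received: by vps026.deployis.eu (Postfix, from userid 33) id 531FD3A844; Thu, 2 Apr 2015 11:24:05 +0200 (CEST)
Date: Thu, 2 Apr 2015 11:24:05 +0200
To: [email protected]
From: =?UTF-8?Q?SBI_Mauritius?= <[email protected]>
Subject: =?UTF-8?Q?Dear_SBI_Mauritius_Customer=2cYou_Have_A_New_Message?=
Message-ID: <[email protected]>

"""

def decode(value):
    """Decode RFC 2047 encoded-words (=?UTF-8?Q?...?=) into readable text."""
    return str(make_header(decode_header(value)))

def triage(raw, trusted_suffixes):
    """Summarise the headers; trusted_suffixes is a hypothetical allow-list."""
    msg = message_from_string(raw)
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = spf.group(1).lower() if spf else "missing"
    # The last Received header is the hop closest to the sender.
    hops = msg.get_all("Received") or [""]
    host = re.search(r"\bby\s+([\w.-]+)", hops[-1])
    uid = re.search(r"\(Postfix, from userid (\d+)\)", hops[-1])
    origin = host.group(1).lower() if host else None
    flags = []
    if spf in ("none", "missing"):
        flags.append("spf-" + spf)         # receiver had no SPF policy to check the sender against
    if origin and not origin.endswith(tuple(trusted_suffixes)):
        flags.append("untrusted-origin")   # first hop is a host outside the allow-list
    if uid:
        flags.append("local-submission")   # handed to Postfix by a local account, not relayed in
    return {"from": decode(msg.get("From", "")), "subject": decode(msg.get("Subject", "")),
            "spf": spf, "origin": origin, "uid": int(uid.group(1)) if uid else None,
            "flags": flags}

if __name__ == "__main__":
    # onlinesbiglobal.com is the bank's real site per the post; treating it as the
    # trusted mail-origin suffix is an assumption made for this example.
    for key, value in triage(RAW, [".onlinesbiglobal.com"]).items():
        print(f"{key}: {value}")
```

On Debian-based systems uid 33 is conventionally www-data, so a local-submission flag with that uid is consistent with mail generated by a web application running on the host.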

The VIEW YOUR MESSAGE link opens a page that imitates an "online banking login page" and pretends to be SBI Mauritius.

[Image: sbi-online]

However, the real SBI online banking page looks different from the one above. It is hosted under www.onlinesbiglobal.com, which is a centralized online banking facility for SBI Worldwide.


Previously, we saw phishing attacks using the domain name of MCB Ltd, Bank One, ABC Banking Corporation and the Public Service Commission of Mauritius.