Last week I wrote up a post about Phishing Attacks after MCB Internet Banking downtime. I showed the mechanism employed by the attackers.

Looks like the phishing attacks are continuously on rise with methods slightly changed. Previously we saw they are hosting fake login pages on “free web hosting” platforms. Today, I saw two emails whereby the attackers used domains like:

- mcb0017336.com - mcb001520.com

mcb-phishing-email-1

Email prompting to activate account

At the moment both of these domains have been reported. Thus Chromium browser detects the pages as phishing websites.

mcb-phishing-website

The use of mcb in the domain itself is an upgrade in the method employed. This gives us an idea that the people behind have better resources.

A whois request shows us the following:

Domain Name: mcb001520.com Registry Domain ID: 1865600582_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.melbourneit.com Registrar URL: http://www.melbourneit.com.au Updated Date: 2014-07-05T10:48:04Z Creation Date: 2014-07-05T10:47:58Z Registrar Registration Expiration Date: 2015-07-05T10:47:58Z Registrar: Melbourne IT Ltd Registrar IANA ID: 13 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +61.386242300 Domain Status: clientTransferProhibited Registry Registrant ID: Registrant Name: windows stationery Registrant Organization: mcb001520 Registrant Street: 1234 45th Street Registrant City: Los Alamos Registrant State/Province: NM Registrant Postal Code: 87544 Registrant Country: US Registrant Phone: +1.2730493388 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: [email protected]

Fellow Mauritians, be on guard when effecting online transactions. We have continuously said in various meetups, with the advent of modernization in the infrastructure, attack mechanisms will change. We see them happening.