Are you familiar with the term phishing? If you’re thinking about the activity of catching fish, well, it’s somewhat similar. It’s the catch that is different. A catch in the real fishing activity is a real fish. In phishing, the catch is actually your online account details – usernames and passwords. Let’s take a look at an actual example.
A few minutes ago, this came into my mailbox. Remember, this is an actual phishing email. It lures you to venture over to the phishing web site. Over at the phishing web site, you are then prompted to enter your online details. In this particular case, a Maybank account username and password. It’s also asking for an email account and password. Killing two birds with one stone eh..
An interesting point to note with this particular phishing site though. The URL in the email is pointing to an actual site. The person behind this email actually went and bought an actual domain for this purpose. Smart? Perhaps not too smart. By doing so, he exposes himself.
A quick Whois for the domain returned this:
WHOIS information for: mayberhad-verifications.com: [whois.melbourneit.com]
Domain Name.......... mayberhad-verifications.com
Creation Date........ 2008-05-13
Registration Date.... 2008-05-13
Expiry Date.......... 2009-05-13
Organisation Name.... George Briner
Organisation Address. 1505 Grandview Trail
Organisation Address.
Organisation Address. Warrior
Organisation Address. 35180
Organisation Address. AL
Organisation Address. UNITED STATES
Admin Name........... George Briner
Admin Address........ 1505 Grandview Trail
Admin Address........
Admin Address........ Warrior
Admin Address........ 35180
Admin Address........ AL
Admin Address........ UNITED STATES
Admin Email.......... [email protected]
Admin Phone.......... +1.7696540987
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... [email protected]
Tech Phone........... +1.6198813096
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
With the above information, I can determine that this particular domain is hosted by Yahoo! As such, an email has been sent to Yahoo! informing them about this particular phishing site hosted on their hosting servers. The domain owner’s email is also available if you want to send spam into his mailbox. I wonder how long it will take Yahoo! to bring down this phishing site.
Let’s take a look at the phishing page. It looks pretty much similar to an actual Maybank page. He or she probably did a cut and paste of the source code from the actual Maybank page. The phishing content is then added into the page.
The page looks valid all right. If I didn’t know better, I’d probably say that it’s a valid Maybank page. I wonder how many unsuspecting Maybank users this person has managed to con into giving out their username and password? I sure hope none yet. It’s a pretty new site. As a matter of fact, the domain was registered only today. I hope I get to stop this site before anyone falls victim to it.
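The WHOIS reading above (creation date, name servers) can be scripted for an abuse report. The following is an added example, not part of the original post: it parses the dot-padded record format shown earlier and reports the domain's age and the DNS provider to notify. The function names, the 30-day threshold and the last-two-labels provider guess are assumptions of this example.

```python
import re
from datetime import date

# Excerpt of the WHOIS record quoted above (registrant contact lines left out).
WHOIS_TEXT = """\
Domain Name.......... mayberhad-verifications.com
Creation Date........ 2008-05-13
Expiry Date.......... 2009-05-13
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
"""

# Label (letters and spaces), a run of dot padding, then an optional value.
FIELD = re.compile(r"^([A-Za-z ]+?)\.+(?:\s+(.*))?$")

def parse_whois(text):
    """Return {label: [values]}; repeated labels accumulate, blanks are dropped."""
    record = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # header or free-text line, not a padded field
        value = (m.group(2) or "").strip()
        values = record.setdefault(m.group(1).strip(), [])
        if value:
            values.append(value)
    return record

def triage(record, seen_on, max_age_days=30):
    """Summarise the facts an abuse report needs from a parsed record."""
    created = date.fromisoformat(record["Creation Date"][0])
    expires = date.fromisoformat(record["Expiry Date"][0])
    age = (seen_on - created).days
    # Naive parent-domain guess (last two labels); no public suffix list used.
    providers = sorted({".".join(ns.lower().split(".")[-2:])
                        for ns in record.get("Name Server", [])})
    return {
        "domain": record["Domain Name"][0],
        "age_days": age,
        "newly_registered": 0 <= age <= max_age_days,
        "term_days": (expires - created).days,
        "dns_providers": providers,
    }

if __name__ == "__main__":
    # seen_on equals the creation date: the post says the domain was registered "today".
    print(triage(parse_whois(WHOIS_TEXT), seen_on=date(2008, 5, 13)))
```

A domain that is days old, registered for the minimum one-year term, and named after a bank is a pattern worth flagging in mail filtering before any user reports arrive.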
If you’re reading this, please spread the word around about this particular phishing site. Don’t let anyone be a victim to this. I’ll be monitoring the site. If Yahoo does not take any action by shutting it down, I will keep sending them emails to do so. You can also do your part by checking the site out and sending complaints to Yahoo! if it is still up.
Maybank has also announced a few other phishing sites similar to this. Check out Maybank’s announcement at their Online Security Watch page.