Fraudsters Target the Reserve Bank Of India

As India’s fiscal year came to an end, Symantec had observed phishing attacks on the Indian Tax Department. Now, fraudsters have turned their attention to Indian banks. In particular, Symantec is seeing a significant rise in phishing attacks on Indian public sector banks. In March 2010 the number of phishing websites on Indian government bank brands increased by 35 percent from the previous month. Six banks were the primary targets, including the Reserve Bank of India (RBI). The attack on RBI continued in April, with two phishing websites being hosted on servers based in the USA. Interestingly, although hosted in the USA, the top level domain (TLD) of the phishing URLs were “.in”, which represents India.
Below is a screenshot of the phishing website attacking RBI. The phishing website contains a link to “online banking” that leads to the fraudulent login page that asks for a username and password or sometimes an account number and pin number:

The phishing website contains the RBI logo, but the Web page is completely different from the legitimate RBI website. The fraudulent Web page is created using a single template, allowing scammers to spoof multiple brands simply by replacing the logo and a few keywords. Phishing websites that spoof other brands using this design template are also hosted on the same IP, but have (continue reading...)