Tag Archives: Wells Fargo

Bangladesh Government Sites Used in Phishing Campaign

Bangladeshi government web pages have been compromised and used in phishing attacks, according to security researchers.

Domain name registrations under .gov.bd appear to have been used in attacks spoofing the likes of Wells Fargo bank, Google and AOL, according to anti-phishing firm Netcraft.

However, the vendor claimed in a blog post that the compromised server in question is “one of a few” hosted in the UK on a static IP address used by the hosting company Nibs Solutions.

The phishing pages are apparently still live after more than a week.

“The presence of multiple live phishing sites on the affected server, and the fact that the previous compromises have not yet been cleaned up, suggests that whatever security vulnerabilities might have affected the server are yet to be resolved,” Netcraft continued.

“Bangladesh has a relatively small presence on the web, with just over 30,000 websites making use of the entire .bd country code top-level domain. However, the ratio of phishing incidents to sites is quite high at roughly 1 in 100.”

The incident will add further embarrassment to the Bangladesh government after its central bank was caught out in a major cyber attack earlier in the year which led to the theft of over $80 million.

In that incident, hackers would have stolen $1bn but a spelling mistake in the routing instructions raised the alarm and a fifth transfer of $20m was stopped.

A war of words ensued between the bank and Swift, the global organization which owns and operates international bank transfer messaging infrastructure.

According to Reuters, Bangladesh Bank staff accused Swift technicians of leaving security holes when they were connecting the bank’s real-time gross settlement (RTGS) system to the Swift network.

However, Swift has refused to take any of the blame, claiming the fault is on the bank’s side.

It emerged earlier this month that a second bank, and Swift customer, had been targeted in the same way.

Source:

http://www.infosecurity-magazine.com/news/bangladesh-government-sites/

Bangladesh government exporting live phish

Bangladesh is one of the world’s largest producers of fish; but lately, its government has also become an inadvertent exporter of phish.

Over the past week, several phishing sites have popped up on Bangladeshi government websites, under the .gov.bd second-level domain. These fraudulent sites have been used in phishing attacks against customers of Wells Fargo bank, Google, AOL, and other email providers.

 

One of the phishing sites currently using a .gov.bd domain is hosted on a website belonging to the Bandarban Technical Training Center in Bangladesh. The fraudulent content imitates Google Docs in an attempt to steal victims’ email credentials, whichever mail providers they use.

Domain name registrations under .gov.bd are restricted to government-related entities in Bangladesh, although it is unlikely that the government is directly responsible for these attacks. As with most phishing sites, the fraudulent content has probably been placed on these government sites by remote hackers; nonetheless, this would make the Bangladesh government at least responsible for poor security.

The vast majority of websites under .gov.bd are hosted within Bangladesh, but the apparently-compromised server involved in these attacks is one of a few that are hosted in the United Kingdom, on a static IP address used by the hosting company Nibs Solutions. No Bangladeshi servers are currently serving phishing sites from .gov.bd domains.

After more than a week since this spate of phishing attacks started appearing on UK-hosted .gov.bd sites, none of the fraudulent content has been removed. The presence of multiple live phishing sites on the affected server, and the fact that the previous compromises have not yet been cleaned up, suggests that whatever security vulnerabilities might have affected the server are yet to be resolved.

Detected just over a week ago, the oldest phishing site in this spate of attacks targets Wells Fargo customers and remains accessible today on the Jessore Technical Training Center website at jessorettc.gov.bd. This training center was established by the Government of the People's Republic of Bangladesh in 2004, hence its eligibility to use the .gov.bd domain.

Bangladesh has a relatively small presence on the web, with just over 30,000 websites making use of the entire .bd country code top-level domain. However, the ratio of phishing incidents to sites is quite high at roughly 1 in 100.

Users of the Netcraft anti-phishing extension are already protected from these attacks, including the examples shown above, even though the fraudulent content has not yet been removed by the sites’ administrators.

Source:

http://news.netcraft.com/archives/2016/05/18/bangladesh-government-exporting-live-phish.html

K-Staters fall hook, line, and sinker for phishing scam

MANHATTAN (KSNT) – Some Kansas State University students and faculty fell hook, line, and sinker for a phishing scam over spring break.

The university reports there was an increase in the number of phishing scams sent to K-Staters. During the week of March 16th through the 22nd, more than 60 people shared their private information, including their electronic ID and passwords, via one scam. Two of the compromised eIDs were then used to create surveys with the K-State brand that sought additional information. More than 100 K-Staters provided the requested information.

Another survey scam purporting to be from Wells Fargo Bank was shut down before it could be sent out. Nearly 5,500 names were set to receive the phishing scam before it was stopped.

Kansas State University Information Technology Services warns students and faculty that it will never ask for information such as IDs and passwords by email or in a survey.

Source:

http://ksnt.com/2016/03/25/k-staters-fall-hook-line-and-sinker-for-phishing-scam/