Analyst Journal; work and IT @ 15 Jun 2009 02:22 pm by ayoi

I think somewhere around January, I mentioned to my colleagues the possible rise of cybercrime cases due to the world economic crisis. There will be more spam email than before, more phishing emails than before, and yes, this time the target has shifted to the client or user side.
Why? Because it is “lucrative”, often overlooked, less controlled and high in numbers. Instead of controlling a few servers in a particular organisation (which is difficult as well, because most of the time these servers will be highly protected and monitored, as those machines are on the high-priority list), why not just concentrate on the users? 1% of, let’s say, 1000 users is not bad, eh?
My friend mel posted one of the tricks for misleading users at security.org.my.
There are many ways or patterns these phishing emails may look like. Previously it was about how “our” bank’s servers were DDoSed and the need for so-called re-activation or re-verification of our accounts. For that purpose we needed to log in to our online account, retrieve the TAC number and submit that information (user name, password and TAC number) to the “verification” servers that happened to be located outside of Malaysia.
Oh yeah, fail to perform this activity and your account will be terminated within 24 hours. As simple as that. One more thing, once you’ve “verified” (submitted the information to the “verification” server), you are not allowed to use your online account for 48 hours. Hmm, I thought all this internet stuff was usually processed within seconds, if not milliseconds.. LoL.
Now the trend is the “Unblock your Account” email.
“Unblock your Account
For security reasons, your Maybank2u.com account has been blocked due to inactivity or becouse of too many failed login attempts.
Please login at maybank2u to restore your account access.
Online banking: Login
Maybank Berhad
https://www.maybank2u.com.my
© 2001-08 Maybank. All rights reserved.”

Thunderbird thinks that this email is a scam. I love Thunderbird.
Cool eh… Too many failed logins or inactivity (in what sense? Never logged on? Fewer money transactions?) and this will cause your online account to be suspended. And yeah, it seems that one of the largest banks in our country is trying to save every penny, so that instead of informing me directly via phone call, they chose to send an email with poor spelling (if you want to “phish”, do it properly), and what the heck, what kind of official email is sent to “undisclosed recipient”? It doesn’t matter whether my balance is RM2.75 or RM 2.75 million, I am still your customer and you use my money for your business (credit creation.. ever heard of this? that’s why you need to have a minimum balance), so please send a direct email ONLY to me OK? lol.
Sorry for that rant. Maybe because it is MOURNday… Anyway, further checking will reveal that this email is not from Maybank (in fact, if you look at the sender’s email address, you will know right away that it is not a valid email address). There is no MX record for maybank2u.com.my. Maybank2u.com.my is only a domain specifically for web purposes, no other functions OK? This means that the only valid email that you will receive from Maybank personnel should have this address => blabla@maybank.com.my and NOT blabla@maybank2u.com.my or any other. Expect that next time these phishers will use maybank.com.my as the sender email address. For that, just take note that you should call any Maybank branch (or your own branch) for verification. Better still, go there and talk to their representative.
For the email that I received, the email was actually sent from an insurance company called Alandale Insurance Agency. The source of the email revealed that it was sent from a server called server.alandale.com (and if you query for its MX record, server.alandale.com is used as the mail exchanger with priority 5). I guess maybe one of the users’ machines was infected by a worm that uses email traffic to spread its spam etc.

The best part is, the guy or gal who created this phishing email had the audacity to use one of the images on yours truly’s website for this phishing purpose.. Sigh..

Oh yeah.. all the links point to this site: http://75-149-136-211-connecticut.hfc.comcastbusiness.net/indexx.html which has been reported as “Web Forgery” by Firefox.. (ok not by Firefox)
Nice try guys
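The checks walked through in this post (sender domain, "undisclosed recipient", the relay named in the message source, and where the links really point) can be run over a raw message. This is an added example, not part of the original post; the sample message is constructed around the hostnames quoted above, and `check`, `under` and the finding labels are names chosen here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

MAIL_DOMAIN = "maybank.com.my"   # per the post: the only domain the bank mails from
WEB_DOMAIN = "maybank2u.com.my"  # per the post: web-only domain, no MX record

# Constructed sample: hostnames and link are from the post, the rest is made up.
SAMPLE = """\
Received: from server.alandale.com (server.alandale.com [192.0.2.10])
\tby mx.example.net; Mon, 15 Jun 2009 09:00:00 +0800
From: Maybank2u <service@maybank2u.com.my>
To: undisclosed-recipients:;
Subject: Unblock your Account
Content-Type: text/html

<p>Please login at <a href="http://75-149-136-211-connecticut.hfc.comcastbusiness.net/indexx.html">maybank2u</a></p>
<p><a href="http://75-149-136-211-connecticut.hfc.comcastbusiness.net/indexx.html">https://www.maybank2u.com.my</a></p>
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not under(sender_domain, MAIL_DOMAIN):
        findings.append("sender-domain:" + sender_domain)
    if "undisclosed" in msg.get("To", "").lower():
        findings.append("undisclosed-recipients")
    # The topmost Received header names the relay that handed the mail over.
    received = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    if m and not under(m.group(1), MAIL_DOMAIN):
        findings.append("relay:" + m.group(1).lower())
    # Flag every distinct link host that is not one of the bank's domains.
    hrefs = re.findall(r'<a\s[^>]*?href="([^"]+)"', msg.get_payload(), re.I)
    for host in sorted({urlparse(h).hostname or "" for h in hrefs}):
        if not (under(host, WEB_DOMAIN) or under(host, MAIL_DOMAIN)):
            findings.append("link-host:" + host)
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

An empty result does not prove a message is genuine, since the From address can be set to anything; the relay and link-host findings are the ones that survive a forged maybank.com.my sender.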
Bro, someone trying to swipe your money, is it…that’s what you get..too much money in that bank
I’ve one question for you… How secure is Maybank’s TAC… Do you think it’s secure enough?
No lah.. Just lil bit pissed off when this kind of emails flooding my inbox hahaha.. Especially on Monday..
For that question, I can’t comment more than “it should be secured enuff”