Phishing Attack on Axis Bank Customers

Submitted by dhananjay on Sat, 12/01/2007 - 00:32


Customers of yet another Indian bank are facing phishing attacks.

The home page of the phishing site looks similar to the home page of www.axisbank.com.

Customers are receiving spoofed emails that show the sender address as "customer.info@axisbank.com". The content of the email message is given below.

------------------------------------------------
Subject: AXIS Bank Alert: Please Re-confirm Your Internet Banking

Dear Valued Customer,

During our regularly scheduled account maintenance and verification procedures, we have
detected a slight error in your Account billing information. This might be due to either of the following reasons:

1. A recent updates in our billing server ( Due to slightly problem )
2. A recent change in your personal information ( i.e. change of address).
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.
Please re-confirm your Internet Banking by clicking the link below:
https://www.axisbank.co.in/BankAway/SignOn.aspx?RequestId=714870

Thanks for your advance help.

Axis Bank
Customer Service.

iConnect is best used with Microsoft Internet Explorer Version 4.0 (© Microsoft) and higher.
If you are getting the a Security Alert Message please Click here.
Copyright© 2007 - Axis Bank. All rights reserved.

-----------------------------------------------
The email headers are given below.

Return-Path:
Delivered-To: *****************************
Received: (qmail 2135 invoked from network); 30 Nov 2007 14:53:58 -0000
Received: from unknown (HELO smtp1.vol.cz) (195.250.128.78)
by 0 with SMTP; 30 Nov 2007 14:53:58 -0000
Received: from web.vol.cz (web.vol.cz [195.250.159.4])
by smtp1.vol.cz (Postfix) with ESMTP id 406DC87085
for <***********************>; Fri, 30 Nov 2007 15:55:49 +0100 (CET)
Received: from web ([127.0.0.1]) by web.vol.cz with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 30 Nov 2007 15:54:51 +0100
Date: Fri, 30 Nov 2007 15:54:51 0100
Subject: AXIS Bank Alert: Please Re-confirm Your Internet Banking
To: ****************************
From: AXIS BANK
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-ID:
X-OriginalArrivalTime: 30 Nov 2007 14:54:51.0469 (UTC) FILETIME=[F5DABFD0:01C83360]

------------------------------------------------

The URL shown in the email is actually hyperlinked to "http://albi-sign.be/mail/database/data/1/axisbank.com/index.htm".
The whois record for the domain 'albi-sign.be', given below, shows that it is registered in Belgium.
--------------------------------------------
Domain details
Domain
Name albi-sign
Status REGISTERED
Registered November 14, 2005
Last update December 21, 2006 11:48 AM
Licensee
Name Abdilkadir Kahya
Organisation bvba al-bi

Language English
Address
Phone
Fax
Email
Agent technical contacts
Name Stein Van Stichel
Organisation Stone Internet Services bvba (1-eurohost.com)

Language English
Address Kortrijksesteenweg 842
9000 Gent
Belgium
Phone +32.494031490
Fax +32.92700081
Email support@stone-is.com
Agent
Organisation Stone Internet Services Bvba

Website www.1-eurohost.com
Nameservers
ns1be6.1-eurohost.com
ns2be6.1-eurohost.com

---------------------------------------

The phishing site is hosted on IP address 87.238.162.145, and the IP location is Belgium - Stone Internet Services Bvba Server Range.

----------------------------------------