03 August 2013

Great Phishing Email (target - Standard Bank)

I love great phishing emails - the ones where the phishers have made the effort to make the email look legitimate. Earlier this week, I got this one from Standard Bank - an email that actually strikes the right notes in many ways. In fact, it is very difficult to state that it is illegitimate, and I doubt most normal users would be able to spot it as a phishing email.

Firstly, I am an ex-customer - so asking for details for further screening is not a "bad" message. The grammar, the notes on the opening times of the customer contact centre, and the disclaimers are all perfect. I did open the HTML attachment, but not in a browser - and even the stylesheets are perfect (using a legitimate Standard Bank stylesheet). They even have the right anti-phishing messages:
"Important security alert! Standard Bank will never ask you to access internet banking through a link in an email. Don't fall victim to fraud!"
And lastly, all the HTML code seems to point to the Standard Bank website - unless a domain itself is compromised, I couldn't spot an incorrect domain. But perhaps I didn't look hard enough.

So, why do I think it is a phishing email?
  1. The attachment asks for your ATM PIN and Internet Banking password (to be reset)
  2. Asks for "Zip Code"
  3. Asks for other personal data, such as ID numbers
  4. Asks for email password
  5. And lastly, the email headers give it away:
Received: from exchange.szlonghao.com ([])
        by mx.google.com with ESMTPS id q66si27264684yhl.395.2013.07.29.03. 
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 29 Jul 2013 03:48:47 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning
        ibsupport@standardbank.co.za does not designate as permitted
        sender) client-ip=;
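
The two header signals above (an SPF softfail, and a relaying host that is not under the bank's domain) can be checked mechanically. This is an added example, not part of the original post: the sample message is constructed from the quoted headers, with 192.0.2.10 standing in for the stripped IP address, and the From and Subject lines, the placeholder message id and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post. The post's IP
# addresses were stripped, so 192.0.2.10 (documentation range) is a stand-in.
SAMPLE = """\
Received: from exchange.szlonghao.com ([192.0.2.10])
        by mx.google.com with ESMTPS id EXAMPLE-ID
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Mon, 29 Jul 2013 03:48:47 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning
        ibsupport@standardbank.co.za does not designate 192.0.2.10 as permitted
        sender) client-ip=192.0.2.10;
From: Standard Bank <ibsupport@standardbank.co.za>
Subject: Account verification

body
"""

def org_domain(host):
    """Naive registrable domain: last 3 labels under a two-letter ccTLD, else
    last 2. Production code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if len(labels[-1]) == 2 and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])

def triage(raw):
    """Return a list of header findings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    findings = []
    from_domain = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # Received-SPF starts with the verdict the receiving MTA computed.
    spf = (msg.get("Received-SPF") or "").split(None, 1)
    verdict = spf[0].lower() if spf else "none"
    if verdict != "pass":
        findings.append(f"spf={verdict}")
    # The topmost Received header was written by our own MTA; its "from" token
    # is the name the connecting host presented when it handed the message over.
    received = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    if m and org_domain(m.group(1)) != from_domain:
        findings.append(f"relay={m.group(1)} not under {from_domain}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A relay mismatch on its own is only a signal, since legitimate senders often use third-party mail providers; combined with a non-pass SPF verdict it is much stronger.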
