Massive phishing scam emails against Maybank Malaysia

We have recently counted more than 50 scam emails containing very dangerous links used for phishing attacks against Maybank Malaysia.

Maybank phishing emails

Below are some examples of subjects used in the scam emails:

Subject: Important Update
Subject: Security Check
Subject: Update your profile
Subject: Urgent Notice
Subject: Profile update
Subject: Security Warning
Subject: Update your Account
Subject: Update your Password

While I was checking the headers of the emails, I noticed that most of the IP addresses of the senders come from Chinese (.CN) domains:

mail.bnu.edu.cn (mail.bnu.edu.cn [219.142.99.2])
58.185.112.164 (HELO user) (58.185.112.164) by 219.142.99.2
mailqd.cmr.com.cn (unknown [211.100.42.132])
User ([212.62.45.71]) by mailqd.cmr.com.cn
mail0.shift.edu.cn (unknown [61.152.219.51])
User ([58.185.112.164]) by mail0.shift.edu.cn
mail.smu.ac.kr (smu.ac.kr [203.237.168.13])
User ([58.185.112.164]) (authenticated (0 bits)) by mail.smu.ac.kr
idrgroup-nx0i3d.idrgroup.local (servera210.opencom.com [121.78.88.210])
User ([58.185.112.164]) by idrgroup-nx0i3d.idrgroup.local
mail.fudan.edu.cn (unknown [61.129.42.10])
User ([212.62.45.71]) by mail.fudan.edu.cn
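
The header fragments above can also be grouped by the submitting client instead of by relay. The Python below is an added example, not part of the original post; the regular expression and the function names are assumptions fitted to the two fragment formats shown in the list.

```python
import re
from collections import defaultdict

# Received-header fragments copied from the list in the post.
FRAGMENTS = """\
mail.bnu.edu.cn (mail.bnu.edu.cn [219.142.99.2])
58.185.112.164 (HELO user) (58.185.112.164) by 219.142.99.2
mailqd.cmr.com.cn (unknown [211.100.42.132])
User ([212.62.45.71]) by mailqd.cmr.com.cn
mail0.shift.edu.cn (unknown [61.152.219.51])
User ([58.185.112.164]) by mail0.shift.edu.cn
mail.smu.ac.kr (smu.ac.kr [203.237.168.13])
User ([58.185.112.164]) (authenticated (0 bits)) by mail.smu.ac.kr
idrgroup-nx0i3d.idrgroup.local (servera210.opencom.com [121.78.88.210])
User ([58.185.112.164]) by idrgroup-nx0i3d.idrgroup.local
mail.fudan.edu.cn (unknown [61.129.42.10])
User ([212.62.45.71]) by mail.fudan.edu.cn
""".splitlines()

# Matches only the "client ... by relay" hops, in both formats seen above:
#   User ([ip]) [extra] by relay      and      name (HELO x) (ip) by relay
HOP_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\(HELO\s+(?P<helo>[^)\s]+)\)\s+)?"
    r"\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)"
    r".*?\bby\s+(?P<relay>\S+)$"
)

def parse_hops(lines):
    """Return (client_ip, helo_name, relay) for every submission hop."""
    hops = []
    for line in lines:
        m = HOP_RE.match(line.strip())
        if m:
            helo = (m.group("helo") or m.group("name")).lower()
            hops.append((m.group("ip"), helo, m.group("relay")))
    return hops

def relays_per_client(lines):
    """Map each submitting client IP to the set of relays it used."""
    seen = defaultdict(set)
    for ip, _helo, relay in parse_hops(lines):
        seen[ip].add(relay)
    return dict(seen)

def fan_out_clients(lines, min_relays=2):
    """Client IPs that pushed mail through several unrelated relays."""
    return sorted(ip for ip, r in relays_per_client(lines).items()
                  if len(r) >= min_relays)
```

Run over the fragments above, this yields six submission hops from two client IPs, each announcing itself as "User"; one client IP appearing behind several unrelated relays is a useful grouping key when triaging a campaign like this.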

Some of the malicious links used for phishing attacks are the following:

hxxp://zoahaza.isfreeweb.com/tt/style/setup/image/m2u.htm
hxxp://www.dobongn.kr/gnuboard4/bbs/m2u.htm
hxxp://central-groove.co.uk/images/M_images/www.maybank2u.com.my/m2u.htm
hxxp://zoahaza.isfreeweb.com/tt/components/m2u.htm
hxxp://womabkr.com.tw/Ch/img/main.htm

Not all the links are still active, and fortunately some of them are detected and blocked by Mozilla Firefox, but keep in mind that there are always links that are not blocked or not detected by any antispam filter!

Reported web forgery

Remember to NEVER enter sensitive data in unknown websites and never click on links contained in unknown emails. When you receive this kind of email, for example from your bank, and you are asked to enter sensitive data, make sure to call your bank before entering any data in the suspicious website.
