Friday, August 1, 2008

Phishing Attack on ICICI website

No surprising reading the blog which says phishing on Icici website . This blog is response to the illiterate blog.

Phishing is not a new technique, its been in the market since like more than 10 years. Most of Indian banking websites have been suffered or been suffering form phishing attack. Wikipedia says this about phishing: "A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996."

Phishing is a technique to grab actual username / passwords of a user of a website, by creating same looking website.

Coming to the main point of this blog now, answer to the above stated blog: Lets go line by line with my answers in blue fonts.

The Blog: Blog says "Surprisingly both the sites have secured SSL from Verisign !!!!"

INCORRECT: Padlock is the symbol of security and specifically SSL, which author has shown that its not present. Then how come he concluded it has SSL from Verisign ??

REALITY: As SSL certificate costs some money, and most of the phishing URLs are short-lived. Hence, nobody does the expense of SSL. Though if one wants to have SSL in a phishing website, one can do that at little extra expense. When SSL is present your link will start with "https" ! Authoer noticed this difference in the image, though!




The Blog: This is one of the worst phishing scam ever seen.

CONCLUSION: The author seems to have seen first phishing site :) atleast after 12 years of phishing.

The Blog: Here are the both the URLs, they are same, except there is a space (%20) at the end of the phishing URL.

The Wrong ICICI Website:
https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N%20

Actual ICICI Website:
https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser..Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N

INCORRECT: Phishing site will always have link look similar to the othr site which is under attack. For example I want you to login to your hotmail.com, I can have site link displaying like www.hotmail.com but actual href is set to some other website. For example www.hotmail.com when you will click this link it will go to my blog page. Similarly, attacker registers a domain, makes a link look like Icicibank website, but the hrf is set to his similar looking website. Which will have TOTALLY different link, unlike its mentioned by the author. Notice both images and its URLS, both are totally different.

REALITY: No two sites can share a common domain name. Here its icicibank. If one shares the domain, meaning your server is hacked !!!



The Blog:Please be aware while doing the transaction through 'NetBanking'.

This is the first and last correct sentence in the said blog !!!

Beware of such attackers and such bluffmasters !!

3 comments:

સુરેશ જાની said...

Please send me ICICI bank's fake URL . I have an account and am very much intersted to know.

Bhavana said...

Hello Sir,
This is really interesting. Specially, the difference of only %20 in the link.
Recently my sister finds her yahoo email hacked, and sometimes she cannot login herself and have to take PW help to see her mails. Wud be interesting to understand this mail hacking process :-)
-Bhavana

Anonymous said...

Very good information. Please keep writing such things. It helps us ordinary people a lot.

Mohan Patel
USA