Some banks never seem to get the net

How about this for a muck up? I've received an email purportedly from Axis Bank (formerly UTI Bank), warning me against fraud. It has set off a whole bunch of alarms at the spam filtering service my employers use. See for yourself.
The MessageLabs Email Security System discovered a possible virus
or unauthorised code (such as a Trojan) in an email sent to you.
The email has now been quarantined and was not delivered.
Please read the whole of this email carefully. It explains the status
of your email, the nature of the intercepted virus and the next steps
for addressing the problem.
To help identify the quarantined email:
The message sender was
Onlineservice@axisbank.co.in

The message originating IP was 81.169.146.190
The message recipients were
***@thoughtworks.com

The message title was Urgent Fraud Notification! From AXIS BANK Account Review Department
The message date was Thu, 16 Aug 2007 11:17:05 -0700
The virus or unauthorised code identified in the email is
>>> Possible MalWare 'Exploit/Phishing-www.axisbank.co.in-07f0' found in '865236_1X_PM1_EM7_MH__message.htm'. Heuristics score: 350

Some viruses forge the sender address. For more information please
visit the virus FAQ's link at the bottom of this page.
The message was diverted into the virus holding pen on
mail server server-*.tower-**.messagelabs.com (pen id *****_**********)
and will be held for 30 days before being destroyed
Please contact your IT Helpdesk or Support Department for further
assistance.

I know I'd dropped my business card in a collection box at their ATM a few weeks ago for some promo or the other. I know they've picked it up, because I'd received a call last Saturday at an obscene hour (9 am on a Saturday morning after a night out is an obscene hour) from one of their 'executives' about it. I'm very careful with my office mail id and ensure that I only use it for work related stuff, so I never get any spam on it - consequentially I'm pretty sure it isn't on any database anywhere.

I'm guessing either the email is authentic and someone screwed up with the attachment, or possibly someone at Axis bank has been careless with the data they've gathered, allowing e-mail ids to reach phishers. It's just too much of a coincidence that this happens a few days after I got that call. Either way, a fair number of the unsuspecting customers of Axis bank who receive this e-mail will have been phishing targets. You'd think banks would have learned to be more careful by now...

Update 20071011
The Axis bank phishing saga continues, with two more emails sent from Axis Bank . See for yourself. This I received on the 9th.
Dear Customer,
You have 1 new Personal secure message
Please login to your online and visit the secure Messages,
section in order to read the message,

To Login, please click the link below:
Go to Online Banking ( http://ipoly-taj.hu/components/com_zoom/lib/Axis/Axis_Security.htm )

Regards
Axis Bank Ltd, N.A. and its affiliates

I haven't linked to that url, but it's a very poor fake of the Axis Bank homepage, logo and all.
Today I received this:
Update Your Online Banking Records.!!!
In accordance with our major database relocation we are currently
having major adjustments and updates of user accounts to verify
that the informations you have provided with us during the sign
up process are true and correct. However,We have noticed some
discrepancies regarding your account at UTI & Axis Bank.
Possible causes are inaccurate contact information and invalid logout process.
We require you to complete an account verification Process
procedure as part of our security measure.

You must click the bottun below to complete the process

[Button - Update your records]

Unable to do so may result to abnormal account behavior during
transaction.

Sincerely,
Thank You for using Axis Bank,

The Axis Bank Security Team.
___________________________________
© 2007 AXIS Bank Group plc. All Rights Reserved. Privacy | Helps | Legal

Clicking on the link leads to http://ipoly-taj.hu/components/com_sef/www.axis.co.in/RetailSignOn.html?server_error.signon=Update+Your+Records

So anyways, beware of these phishers.

9 comments:

Vaibhav said...

Interesting... :)

Shourya said...

I got a phish-bait yesterday from someone purporting to be "Axis Bank". I know you are not falling, but just watch out.

Patrick said...

Another possibility is that phishers set up the collection box at the ATM. I admit that is unlikely. But that you recently left your business card at an ATM, combined with a phone call, would greatly increase the yield on the phishing emails.

It would be similar to the attack where criminals install a fake ATM machine, let people scan their card and enter their pin, record the card number and pin, then display an "out of service" message.

Sidu said...

All ATMs in Bangalore (I know it's different elsewhere :-)) have a security guard round the clock and are are placed inside a small room with a glass door. The room is covered by a video camera.
In this case, the Axis Bank ATM was on the ground floor of the building in which my office is located, which is itself within a compound also with 24 hour security.
It's pretty much impossible for someone to leave a collection box and put up a fake poster asking for visiting cards inside the ATM.

Kunal said...

plain phishing! Nothing else.

I doubt whether the mail had originated from AXIS bank domain. If you check the mail headers, you should see different domain.

Sudhindra Rao said...

Sidu
However secure the ATM maybe.. but it is entirely up to you when it comes to sharing your personal/work email id. And dropping a business card in some box that you dont know is totally your fault. In this day and age even a wrongly typed word with an @ sign in it gets emails. So good luck dealing with the spam.

Aj said...

Couple of days back I 've got the similiar e mail and I did some research on it and found that it's fake.

But the sad part is, I did informed this to axis bank people and there is no response from there.

Today I checked those 2 links, its removed. I think they have moved to anothe domain, please be carefull guys!

Anonymous said...

I received a similar email, and after reading all these messages, it struck me that i had just paid my MAGNET bill to Axis and dropped it in the mall box.
I hope they dont tanker with the cheque!
Anyway, just adding to this phishing stuff happening..

Anonymous said...

I got the mail a month ago and i did what was instructed, and guess what... my account was debited by 4000... i have informed the bank and even after follow up there is no response to where my money has gone... Guys be careful.