Some banks never seem to get the net

How about this for a muck up? I've received an email purportedly from Axis Bank (formerly UTI Bank), warning me against fraud. It has set off a whole bunch of alarms at the spam filtering service my employers use. See for yourself.
The MessageLabs Email Security System discovered a possible virus
or unauthorised code (such as a Trojan) in an email sent to you.
The email has now been quarantined and was not delivered.
Please read the whole of this email carefully. It explains the status
of your email, the nature of the intercepted virus and the next steps
for addressing the problem.
To help identify the quarantined email:
The message sender was
Onlineservice@axisbank.co.in

The message originating IP was 81.169.146.190
The message recipients were
***@thoughtworks.com

The message title was Urgent Fraud Notification! From AXIS BANK Account Review Department
The message date was Thu, 16 Aug 2007 11:17:05 -0700
The virus or unauthorised code identified in the email is
>>> Possible MalWare 'Exploit/Phishing-www.axisbank.co.in-07f0' found in '865236_1X_PM1_EM7_MH__message.htm'. Heuristics score: 350

Some viruses forge the sender address. For more information please
visit the virus FAQ's link at the bottom of this page.
The message was diverted into the virus holding pen on
mail server server-*.tower-**.messagelabs.com (pen id *****_**********)
and will be held for 30 days before being destroyed
Please contact your IT Helpdesk or Support Department for further
assistance.

I know I'd dropped my business card in a collection box at their ATM a few weeks ago for some promo or the other. I know they've picked it up, because I'd received a call last Saturday at an obscene hour (9 am on a Saturday morning after a night out is an obscene hour) from one of their 'executives' about it. I'm very careful with my office mail id and ensure that I only use it for work related stuff, so I never get any spam on it - consequentially I'm pretty sure it isn't on any database anywhere.

I'm guessing either the email is authentic and someone screwed up with the attachment, or possibly someone at Axis bank has been careless with the data they've gathered, allowing e-mail ids to reach phishers. It's just too much of a coincidence that this happens a few days after I got that call. Either way, a fair number of the unsuspecting customers of Axis bank who receive this e-mail will have been phishing targets. You'd think banks would have learned to be more careful by now...

Update 20071011
The Axis bank phishing saga continues, with two more emails sent from Axis Bank . See for yourself. This I received on the 9th.
Dear Customer,
You have 1 new Personal secure message
Please login to your online and visit the secure Messages,
section in order to read the message,

To Login, please click the link below:
Go to Online Banking ( http://ipoly-taj.hu/components/com_zoom/lib/Axis/Axis_Security.htm )

Regards
Axis Bank Ltd, N.A. and its affiliates

I haven't linked to that url, but it's a very poor fake of the Axis Bank homepage, logo and all.
Today I received this:
Update Your Online Banking Records.!!!
In accordance with our major database relocation we are currently
having major adjustments and updates of user accounts to verify
that the informations you have provided with us during the sign
up process are true and correct. However,We have noticed some
discrepancies regarding your account at UTI & Axis Bank.
Possible causes are inaccurate contact information and invalid logout process.
We require you to complete an account verification Process
procedure as part of our security measure.

You must click the bottun below to complete the process

[Button - Update your records]

Unable to do so may result to abnormal account behavior during
transaction.

Sincerely,
Thank You for using Axis Bank,

The Axis Bank Security Team.
___________________________________
© 2007 AXIS Bank Group plc. All Rights Reserved. Privacy | Helps | Legal

Clicking on the link leads to http://ipoly-taj.hu/components/com_sef/www.axis.co.in/RetailSignOn.html?server_error.signon=Update+Your+Records

So anyways, beware of these phishers.
Post a Comment