Rewterz Threat Alert: Fresher Phishing Campaigns Targeting Pakistani Bank Employees

SEVERITY: Medium

CATEGORY: Phishing

ANALYSIS SUMMARY

Following the previous two phishing campaigns that spoofed Summit Bank and Bank Al-Habib, the streak continues targeting bank employees in Pakistan with two fresher campaigns. This time the attackers spoofed Faysal Bank’s internet banking site and the Standard Chartered Bank. The email claiming to come from Faysal Bank looks like this:

Whereas, clicking on the “Click Here Now”, users are redirected to a malicious URL that looks very similar to the legitimate Internet Banking site of Faysal Bank. An unsuspecting user isn’t likely to differentiate between the fake and the original site.

Second campaign of the day fakes the identity of Standard Chartered Bank and has targeted more than hundred bank employees in Pakistan. The email pretending to be coming from Standard Chartered bank looks like this:

The hyperlink in this email also redirects to a URL which again looks similar to the legitimate site.

However, this time the site requires more information other than just credentials. When the information is provided, the user is redirected to the login page of original website of the bank, not logged-in.

Impact

Credential Theft

Exposure of Personal Information

Indicators of Compromise

URLs

https[:]//cbd9[.]net/images/query/faysalmobit/faysalmobit[.]php http[:]//blayzercommerce[.]com/wp-content/themes/twentysixteen/schartered/schartered[.]html

Email Address

noreplymobit[@]faysalbank[.]com[.]pk

iBanking[.]Pakistan[@]sc[.]com

Email Subject

Faysal Bank Account Locked

Standard Chartered Bank – Account Locked

Remediation

The count of these phishing campaigns targeting bank employees in Pakistan and spoofing the identity of banks has reached four now. It is advised to strictly avoid opening irrelevant or unexpected emails, attachments and URLs even if the source looks as legitimate as a financial organization.