Siam Commercial Bank Phish In The Wild

Targeted Phishing attacks for banking and financial domains are a popular way for attackers to steal sensitive data from customers. To counter these attacks, banks and other financial institutions are driving various campaigns to educate their customers. Recently, I found a live phishing page for the “Siam Commercial Bank” of Thailand.

Naturally, a key ingredient in any phishing attack involves creating a nearly identical site that will convince the user that they’re at a legitimate site. Let’s take look at the phishing page for SCB:

You can observe areas marked in the picture above, which differentiate it from the legitimate SCB website. When a victim enters a username and password, the phishing webpage sends these credentials to a webserver controlled by the attacker.

Let’s enter fake credentials and see how these are sent to the cyber-criminals.

Legitimate sites use SSL encryption to secure sensitive information entered by the users, while this phishing site sends the data in clear text, presumably because the attackers were too cheap to pay for a signed SSL certificate.

Lets take a look at the legitimate webpage of SCB and observe the same marked areas:

We have observed numerous similar phishing pages. Recently, Umesh blogged about a phishing scam targeting Gmail users. It’s always a good idea to directly surf to a page before entering sensitive information, rather than clicking on a link that may take you to a fake site. I hope our blogs helps you to identify common red flags that reveal phishing pages.

Beware SCB Customers!

Pradeep