Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Siam Commercial Bank Phish In The Wild

image
THREATLABZ
October 30, 2011 - 2 min read

Targeted Phishing attacks for banking and financial domains are a popular way for attackers to steal sensitive data from customers. To counter these attacks, banks and other financial institutions are driving various campaigns to educate their customers. Recently, I found a live phishing page for the “Siam Commercial Bank” of Thailand.

Naturally, a key ingredient in any phishing attack involves creating a nearly identical site that will convince the user that they’re at a legitimate site. Let’s take look at the phishing page for SCB:

Image

You can observe areas marked in the picture above, which differentiate it from the legitimate SCB website. When a victim enters a username and password, the phishing webpage sends these credentials to a webserver controlled by the attacker.

Let’s enter fake credentials and see how these are sent to the cyber-criminals.

 

Image

Legitimate sites use SSL encryption to secure sensitive information entered by the users, while this phishing site sends the data in clear text, presumably because the attackers were too cheap to pay for a signed SSL certificate.

Lets take a look at the legitimate webpage of SCB and observe the same marked areas:

Image

We have observed numerous similar phishing pages. Recently, Umesh blogged about a phishing scam targeting Gmail users. It’s always a good idea to directly surf to a page before entering sensitive information, rather than clicking on a link that may take you to a fake site. I hope our blogs helps you to identify common red flags that reveal phishing pages.

Beware SCB Customers!

Pradeep

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.