Posts Tagged ‘Maybank2u’

How your Maybank2u account might get hacked

August 14th, 2009

Truth be told, this is not a hacking guide but an exposé of a phishing scam targeting Maybank2u users.

To many, phishing, the act of tricking you into handing over your login particulars to another person, might count as a ‘hack’, although it actually is not.

I will not go into details of naming this tactic, but see for yourself.

*Do note that I think this way of phishing would not work anymore, and in fact I think it doesn’t work at all. Please leave a comment if you think otherwise. :-)

1) It starts off with a warning email saying that you need to log in to your account, usually with a link for you to click. This is not new, but I bet users who are new to the Internet or new to online banking might fall for it.
Why it’s fake: Look at the content of the email; usually it is not correct at all. Technically there is no such IP address as 767.998.x.x (each part of an IPv4 address can be at most 255), and a bank will not send out an email saying ‘conforming verifying’ without proofreading it.

2) The link sends you to a login page, but of course it is not the real Maybank2u.com website. Even the screen is an old design, which is why I think this scam is old and might not be working at all.
Why it’s fake: It is not the real website, and there is no SSL (the lock icon in your browser) indicating that it is a secure site. Try logging in with a fake ID and any password; most likely you will still get to the next page.

3) After submitting your login and password, you see a TAC screen?
Why it’s fake: You have not even requested a TAC and it’s asking you for one.

4) All of a sudden you are logged out after submitting the TAC. Well, some smart guy will ask you not to log in to your account for a few hours.
Why it’s fake: Even well before this point I guess it looks fishy, right? And now the process shows that this author could just be a script kiddie.

5) If you go to the main site, of course it is not the bank’s website.
Why it’s fake: It’s a personal website! Most likely the website was hacked and the scripts were planted there to act as a middleman that passes on the login information, so that the real Slim Shady behind the job cannot be located.

6) Trace back along the URL path and the web server lists its files.
Why it’s fake: It looks like a dormant site. Most files were last updated in 2007, while the phishing files were updated recently.

7) Trace deeper down the road.
Why it’s fake: The files were copied from somewhere else; this bankofamerica thing reveals that the same script could have been used for other banks too.

8) View the page source and see where the data is posted.
Why it’s fake: It’s posting to another website, so this personal website is only a layer of deceit.

9) Now visit the second website, and it leads to the website of a manufacturing company?
Why it’s fake: You don’t need to be told that this website doesn’t deal with money, only with machines. So it’s another website with planted scripts.

10) Trace the script and then the game is revealed. The username and password are emailed to the hacker.
Why it’s fake: Need I say more?
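
As an added example (not part of the original post or any script from it), here is a small Python triage helper that automates three of the checks above: the impossible IP address from step 1, the missing HTTPS from step 2, and the login form posting to a different host from step 8. The sample email text, hostnames and paths are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

QUAD = re.compile(r"\b(?:\d{1,3}|x)(?:\.(?:\d{1,3}|x)){3}\b")

def impossible_ipv4(text):
    """Dotted quads (x = masked octet) with a numeric octet above 255."""
    return [q for q in QUAD.findall(text)
            if any(p.isdigit() and int(p) > 255 for p in q.split("."))]

class FormCollector(HTMLParser):
    """Record each form's action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append({"action": attrs.get("action") or "", "password": False})
        elif tag == "input" and self.forms:
            if (attrs.get("type") or "").lower() == "password":
                self.forms[-1]["password"] = True

def login_page_findings(page_url, html):
    """Checks from steps 2 and 8: no HTTPS, credentials posted to another host."""
    page, findings = urlparse(page_url), []
    if page.scheme != "https":
        findings.append("login page is not served over HTTPS")
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        # An empty or relative action resolves against the page's own URL.
        target = urlparse(urljoin(page_url, form["action"])).hostname
        if form["password"] and target != page.hostname:
            findings.append(f"password form posts to another host: {target}")
    return findings

# Constructed samples; hostnames and paths are placeholders, not from the post.
SAMPLE_EMAIL = "Your account was accessed from IP 767.998.x.x, please verify."
SAMPLE_URL = "http://personal-site.example/m2u/login.html"
SAMPLE_HTML = """<form method="post" action="http://machines.example/inc/send.php">
<input type="text" name="user"><input type="password" name="pass"></form>"""

if __name__ == "__main__":
    print(impossible_ipv4(SAMPLE_EMAIL))
    for finding in login_page_findings(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```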

I’m not good at PHP, but could someone see if the TAC is sent to the recipient hacker?

From my observation, the hacker probably would not be able to actually hack into the account and do anything damaging without the TAC, but he/she has got the passwords to two web servers/websites, so that scripts could be planted there. The scripts could probably have been copied elsewhere too.

While this is nothing new, if the script works, real damage could be done, maybe not to you but to others.
Please beware, and warn others who you think might fall for such traps. (Like your dad or mum or grandpa or grandma?) :-)

One last thing, if you’re the owner of the two websites that got hacked, please remove the files and change your password.

Green indicator for Extended Validation SSL Certificates

March 4th, 2009

If you’re using Firefox 3 or IE 7, chances are you have noticed that the favicon (Firefox) or the URL bar (IE) sometimes turns green.

It is one of the security features of the new browsers, indicating that the communication between you and those websites is highly secured.

Mozilla has explained it in the Firefox 3 Release notes:

More Secure

* One-click site info: Click the site favicon in the location bar to see who owns the site and to check if your connection is protected from eavesdropping. Identity verification is prominently displayed and easier to understand. When a site uses Extended Validation (EV) SSL certificates, the site favicon button will turn green and show the name of the company you’re connected to.

If you’re using Firefox 3, try these sites and see the differences:
https://www.godaddy.com/
https://www.paypal.com
https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login

[Screenshots: GoDaddy, PayPal, Maybank2u]

Sites with EV certs have had the owner’s identity vetted by the certificate authority (CA), while typical SSL certs are only validated against the domain name. Please do not be misled into thinking that typical certs are not secure. All SSL-secured sites encrypt data, but those with EV certs carry higher trust because their identity has been “verified”.

So in case you’re wondering how you could make your favicon in Firefox look this cool, you’d need to buy an Extended Validation SSL certificate for that to happen.

Extended Validation Certificates (EV) are a special type of X.509 certificate which requires more extensive investigation of the requesting entity by the Certificate Authority before being issued. Source : Wikipedia
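
The difference between EV and typical certificates described above can be seen in the certificate's subject fields. The following Python sketch is an added example, not code from the original post. It classifies the dictionary returned by the standard library's `getpeercert()` using a heuristic on subject fields that the EV guidelines require. It goes slightly beyond the post by also recognising organisation-validated (OV) certs, and the sample certificates are constructed.

```python
import socket
import ssl

# Subject fields an EV certificate carries, under the names Python's ssl
# module reports. Heuristic only: the authoritative marker is the
# certificate-policy OID, which getpeercert() does not expose.
EV_FIELDS = {"organizationName", "businessCategory",
             "serialNumber", "jurisdictionCountryName"}

def fetch_cert(host, port=443):
    """Fetch the verified peer certificate of a live site as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Return (level, vetted organisation name or None)."""
    fields = subject_fields(cert)
    if EV_FIELDS <= fields.keys():
        return "EV", fields["organizationName"]
    if "organizationName" in fields:
        return "OV", fields["organizationName"]
    return "DV", None  # only the domain name was validated

# Constructed sample certificates in getpeercert() format.
SAMPLE_EV = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Bank Inc."),),
    (("commonName", "www.bank.example"),),
)}
SAMPLE_DV = {"subject": ((("commonName", "blog.example"),),)}

if __name__ == "__main__":
    print(validation_level(SAMPLE_EV))
    print(validation_level(SAMPLE_DV))
```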

For IE Users, details here:
http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx
