Case History of Phishing with True Story
We promised you an article about a true story of phishing: how the victim was trapped by the phishers, how much he lost, and what the family's status was. In this case the names and original addresses of the victims are kept secret, but the family is very high profile. The account is a joint account of a mother and son at a well-known private bank. The mother is a retired System Administrator of a bank, and the son is a young, highly qualified person from a world-famous management institution. Both used net banking on the same account, each with a separate user name and password.
How were they trapped by the phisher? The phisher/hacker/cybercriminal sent a phishing mail to the son's e-mail id asking him to update his net banking data, saying that if he did not update it his net banking would be disabled. The very well educated son updated it, which resulted in a loss of Rs. 175,000/- to them, and they learned of the loss after three days.
What did the phishers do? They transferred the above amount to another person's savings account at a branch of that bank in a different state. That person was then asked, by SMS sent through the internet, to withdraw the amount through an ATM and then deposit it into another, separate bank account at a different branch. The persons into whose accounts the amount was deposited were asked to do the same after deducting their commission, and finally the amount was withdrawn by an unknown person and transferred to Nigeria.
You may now be thinking that the persons into whose accounts the amount was transferred and deposited are members of the cybercriminals' racket or gang. We thought so too, but during the course of the investigation it came to light that those persons had been appointed through the internet, from outside India, as collection agents of a foreign bank, in exchange for a fat salary and a commission on each deposit to their accounts.
We will now tell you, step by step, how the hackers/phishers succeeded in this case:
Step 1- The criminals sent spam mails in bulk to netizens, offering a false appointment as a collection agent of a bank. This mail carried a hidden program with an auto-run mechanism, and the function of that program (spyware: please read the article about Weapons of cybercriminal) was to read the recipients' mailboxes and send the addresses found there to the hacker/phisher.
Step 2- They then asked the persons willing to become employees to open a savings bank account with ATM facilities at a specific private foreign bank, as they target account holders of renowned foreign banks. The persons who agreed did as the phishers instructed.
This mail was sent from America.
Step 3- When they found a mail address belonging to a bank in a recipient's address book, they used email spoofing software (please read the article about Weapons of cybercriminal) to send him a mail that appeared to come from his bank, asking him to update his net banking details, using a Pharming (please read the article about Weapons of cybercriminal) tool.
This mail was sent from America by using a satellite phone.
Step 4- They then confirmed their access to that account using the username and password obtained through the phishing mail, and succeeded.
Step 5- They then added the savings account of their false employee to the victim's account as an approved third party; this takes a minimum of 9 to 24 hours to activate.
This attempt was made from the Philippines.
Step 6- Once it was activated, they transferred the entire amount, except the minimum balance, part by part to their false employee's savings bank account, during the daytime so that the other transactions could be completed. Each transfer was of the maximum amount a person can withdraw from an ATM.
This attempt originated from Nigeria.
Step 7- As per the terms and conditions of the appointment, they sent an SMS through the internet, using SMS spoofing, to the said employee, asking him to withdraw that amount from an ATM, deposit it into another account, and send a scanned copy of the deposit slip to their mail id as confirmation. This process continued with the other false employees as well. Passing along this chain, the amount was finally deposited into a foreigner's bank account held under a fake name and address, and finally transferred to the hackers in Nigeria through money transfer agencies.
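A defender's view of Steps 5 and 6, as an added example that is not part of the original article: a bank-side rule that flags a newly added third-party payee receiving ATM-sized transfers that drain the account down to its minimum balance. The limits, field names, payee ids, country codes and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed values, not from the article: ATM daily cap and minimum balance in
# rupees, and how long a newly added payee stays under watch.
ATM_LIMIT = 25_000
MIN_BALANCE = 10_000
WATCH_WINDOW = timedelta(hours=72)

def flag_drain(events, opening_balance, usual_countries):
    """Return {payee: [reasons]} for payees matching the Step 5-6 pattern."""
    added, paid, alerts = {}, {}, {}
    balance = opening_balance
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "payee_added":
            added[ev["payee"]] = ev
        elif ev["type"] == "transfer":
            balance -= ev["amount"]
            add = added.get(ev["payee"])
            if add is None or ev["ts"] - add["ts"] > WATCH_WINDOW:
                continue  # established payee, outside this rule
            amounts = paid.setdefault(ev["payee"], [])
            amounts.append(ev["amount"])
            # Several transfers, each no larger than one ATM withdrawal
            chunked = len(amounts) >= 2 and all(a <= ATM_LIMIT for a in amounts)
            if chunked and balance <= MIN_BALANCE:
                reasons = ["new payee", "ATM-sized chunks", "drained to minimum"]
                if add["country"] not in usual_countries:
                    reasons.append("payee added from unusual country")
                alerts[ev["payee"]] = reasons
    return alerts

def sample_events():
    """Constructed events: seven transfers of Rs. 25,000 total Rs. 175,000."""
    t0 = datetime(2024, 1, 1, 22, 0)  # constructed timestamp
    evs = [
        {"type": "payee_added", "payee": "MULE-1", "ts": t0, "country": "PH"},
        {"type": "payee_added", "payee": "LANDLORD",
         "ts": t0 - timedelta(days=400), "country": "IN"},
        {"type": "transfer", "payee": "LANDLORD", "amount": 15_000,
         "ts": t0 - timedelta(days=2), "country": "IN"},
    ]
    for i in range(7):  # transfers begin after the payee activation delay
        evs.append({"type": "transfer", "payee": "MULE-1", "amount": 25_000,
                    "ts": t0 + timedelta(hours=12 + i), "country": "NG"})
    return evs

if __name__ == "__main__":
    print(flag_drain(sample_events(), 200_000, {"IN"}))
```

The activation delay described in Step 5 is the window in which an alert on the payee addition alone could still stop the transfers.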
We obtained all the addresses by tracking the IP addresses of the mails and the net banking. In our next posting we will share with you how to get rid of phishing mails.
This is a true story, told only for the education of netizens, so we request that you do not follow this way. This is a completely criminal offence, and anyone who does so will be liable for it.