In the past few months we have seen a surge in phishing attacks. So far we cannot say for sure where the attackers got hold of so many Mauritian email addresses. Nevertheless, we know those attacks are aimed at Mauritians specifically.
What is phishing?
In simple terms, phishing is the act of impersonating someone through an electronic medium, which in most cases is using an email service. Say someone sends an email to my friend pretending to be me, that would be phishing.
Some time back, the majority of phishing scams involved fake lottery winnings or someone requiring help to transfer huge sums of money. Those scams still exist on the web, but they are mostly caught by spam filters.
Then, more recently, bank phishing scams started. Bank customers are instructed to log in to reactivate their account or to prevent it from being deactivated. The email is not sent by the bank.
The attackers gained traction over time and crafted better emails that mimicked the banks, and the local press reported that people indeed fell into the trap.
How to distinguish between a real and a fake email?
As I mentioned, the attackers, let’s call them cyber criminals, have improved their techniques. Previously, they would send emails from Gmail, Hotmail or Yahoo addresses and sign off as the bank’s IT Security team or Internet Banking Department. The message content would contain typographical mistakes and poor grammar. Those were easier to spot.
Some phishing scams tempt people into believing that they are being offered a job in a luxurious hotel and that their personal details are required. I once alerted such a hotel in the UK and the manager promptly replied and thanked me.
Back to the bank phishing: as I mentioned, people are asked to sign in to their Internet Banking account and, in order to do that, they are redirected to a domain containing the same words as the bank’s official website. The fake Internet Banking page looks similar to the real one, with the same logo and layout.
A few weeks ago, Internet users raised the alarm after they received emails sent from the same domain as the official website of a local bank. How could this happen? It’s no Voodoo. In the past, I have written about how Government emails could be faked. The Government Online Centre implemented the necessary security measures to counter such email forgery attempts. As for local banks, we’re not there yet.
So, how to distinguish between the real and the fake? Well, for the common Internet user, there could be nothing more archaic than simply calling up the bank in case of doubt. I quote this from the communiqué of a local bank:
En cas de doute, il suffit d’appeler le Contact Centre…
Meaning, “in case of doubt, calling the bank would suffice…”
For the more curious user, I suggest having a look at the email headers. In Gmail, click on the button next to the “reply” icon and select “Show original”. Analyzing the headers and the content source helps verify the authenticity of the message elements.
In a phishing email involving a local bank, I noticed the logo of Google was pulled from Wikipedia. In a genuine email, there is no reason to pull official logos from Wikipedia or other third-party sources.
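As an added example (not code from the original post), here is a small Python script that performs the header and content checks described above on a constructed raw message: it compares the Return-Path domain with the From domain, reads the receiving server’s Authentication-Results header, and flags images and links hosted outside the claimed sender’s domain, such as a logo pulled from Wikipedia. All addresses and domains in the sample are placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a forged "reactivate your account" message. All domains
# and addresses are placeholders, not a real bank or a real sender.
RAW_MESSAGE = b"""\
Return-Path: <bounce@example-mailer.test>
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=example-mailer.test; dkim=none
From: "Internet Banking" <security@examplebank.test>
To: customer@example.test
Subject: Reactivate your Internet Banking account
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://upload.wikimedia.org/example-logo.png">
<p>Please <a href="https://examplebank-secure-login.test/login">sign in</a></p></body></html>
"""

def domain_of(address_header):
    # Domain part of the first address in a header value, lowercased.
    _, addr = parseaddr(address_header or "")
    return addr.rpartition("@")[2].lower()

def is_third_party(host, domain):
    # True unless host is the sender's domain or one of its subdomains.
    return not (host == domain or host.endswith("." + domain))

def analyse(raw):
    """Return a list of header and content findings for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = domain_of(msg.get("From"))
    bounce = domain_of(msg.get("Return-Path"))
    findings = []
    # A Return-Path on a different domain than From is a classic forgery sign.
    if bounce and bounce != sender:
        findings.append(f"return-path domain {bounce} differs from From domain {sender}")
    auth = msg.get("Authentication-Results", "")
    if not re.search(r"\bspf=pass\b", auth):
        findings.append("SPF did not pass for the sending domain")
    if not re.search(r"\bdkim=pass\b", auth):
        findings.append("no valid DKIM signature")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    # Logos and links hosted outside the claimed sender's domain, like a Wikipedia-hosted logo.
    for tag, attr in (("img", "src"), ("a", "href")):
        for url in re.findall(rf'<{tag}\b[^>]*{attr}="([^"]+)"', html, re.I):
            host = (urlparse(url).hostname or "").lower()
            if is_third_party(host, sender):
                findings.append(f"<{tag}> points to third-party host {host}")
    return findings
```

Run `analyse(RAW_MESSAGE)` on the sample and every one of the five checks fires; on a genuine message with aligned domains and passing SPF and DKIM, the list comes back empty.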
I came across this comment while reading Hansard documents:
In any way, Mr Speaker, Sir, if you have a bank account and it has been hacked through no fault of your own, the bank will be responsible obviously for that amount and will be liable.
In the event of an account being compromised through phishing, who is to blame? Can we blame the customer for failing to distinguish between a real and a fake email from the bank?