The .vn website is used to phishing Japanese banks
After attacking the server of Duy Tan University's website (Da Nang), the hacker posted a phishing page of credit accounts for customers of a Japanese bank.
Japanese bank gets a .vn phising website?
About two days ago, CHA . com - a big Japanese bank discovered that its customers were scammed by credit card numbers (phishing) by a website located in Vietnam (domain name with .vn extension). ).
After discovering the incident, on the afternoon of April 6, 2007 - Bank of CHA . com contacted VNCERT immediately (Vietnam National Emergency Response Center - Ministry of Post and Telecommunications) through public RSA Cyota (the network security company that the bank employs services) and JPCERT to ask for help.
In the presence of PV VietNamNet, VNCERT center staff analyzed and affirmed: Phishing website by posting a link derived from website www.dtu.edu.vn/cha.online , with content inviting customers CHA . com to participate in a customer exploration program to receive a reward of 20 USD.
And of course, below, the website requires customers to confirm the information of the credit card number, password . of the account they own at CHA . com bank to receive 20 USD bonus. .
According to a specialist from VNCERT, " The domain name system in the link contains the phishing page that JPCERT provides is a web host in Vietnam - belonging to Duy Tan University's server system (Da Nang) ".
Rapid response
Image of phishing site located at dtu.edu.vn, for example, if a user participates in a survey program, the customer will receive a reward of 20 USD but must declare confidential information on credit account at CHA bank . (Japan)
According to the initial assessment of VNCERT experts, Duy Tan University's server has been attacked by hackers and brought to the online phishing site that the management department is not aware of. By professional measures, VNCERT requires administrators of Duy Tan University website to immediately remove the phishing page to avoid damage to CHA Bank customers.
" We also offer two other requirements: The first is to ask this site administrator to provide the entire source code of the phishing page, in order to analyze it backwards to see if it is due to Vietnamese hackers advancing. If yes, we will hand this information over to the investigating agency (C15) to find the culprit, if it is a foreign hacker, we will leave it to JPCERT to handle the rest . "
VNCERT representative continued: " The third requirement is that we recommend Duy Tan website's management board to provide information on credit cards that phishing sites have been fraudulent in the past days. This is also a suggestion to help. from banks CHA . com and JPCERT, they want to know which accounts have been scammed to avoid damage to the lowest level! ".
According to the report of VietNamNet, Duy Tan University's phishing website has been conducted immediately at around 4:15 pm 6/7/2007. (ie after about 5 minutes, there is a message from VNCERT).
Mr. Do Ngoc Duy Trac, Head of Business Department of VNCERT in the process of exchanging with Reporter VietNamNet said: " As far as I know, security issues at university websites are much less than those of enterprises and the state. The reality is not only in Vietnam, the main reason is that they cannot invest much in security activities . "
" If possible, universities should try to put the website at a number of reputable hosting service providers, this will limit the security risks, and can handle quickly and thoroughly when incidents occur. The technical department should also check and backup the system regularly to control the best situation . " - Mr. Trac recommended.
In fact, this cooperation between VNCERT and JPCERT was not the first time, in February 2007, immediately after the Lunar New Year Festival, two CERT units had coordinated to remove two other websites of Vietnam hosting in VNGT. and VDC is affirmed to carry out phishing tricks of Japanese and Canadian banks.
It is known that in the afternoon of April 6, VNCERT also issued a dispatch to coordinate the big ISPs of Vietnam to prevent the spread of malicious code through the website nhatquang * .t35.com is tending to spread strongly through Yahoo Messenger network. in Viet Nam.
The Phong
- Phishing website grows 166% / month
- The website exploded phishing on the Web
- PayPal and eBay tops the list
- Phishing tool allows you to create a ghost website in ... 2 seconds
- Plug-in helps detect phishing websites
- The US website contains 63% of the malicious code
- 50 banks were phased in pharming-type fraud
- Damage caused by phishing established a new record
- The number of phishing sites set new records
- YoutTube will warn Japanese users about movie rights
- Vishing - phishing through VoIP
- Phishing threatens VoIP