Location of the fraudulent website is in Iran's capital city, Tehran

Aug 19, 2014 21:37 GMT  ·  By

Phishing campaigns are never taking a break and in one of their latest attempts cybercriminals seek to grab the log in credentials of the HSBC Bank customers.

Crooks started spreading out emails with text designed to lure unsuspecting victims to access a website purporting to be from the bank, prompting them to log into their banking account.

However, the entire website is a fake, impersonating the legitimate one from HSBC Bank. One clue showing the true colors of the scam is the connection type, which sends the information from the client to the server in an insecure manner.

MillerSmiles analyzed a sample of the fraudulent email and determined the location of the fake website to be in Tehran, Iran.

The incentive for accessing the link and landing in the malicious location is a message asking the potential victim to verify their account by signing in.

In most cases the reason is most often a security check, in order to eliminate suspicions, but in campaign the email subject claims that the banking account is inactive.

“We've noticed that your account has been inactive for some days. To safeguard your account, we've classified it as dormant,” read the first lines of the message body.

Phishing websites are generally alive for just a few hours but even with this short lifespan crooks still manage to make plenty of victims; moreover, they set up new domains to continue the nefarious activity.