Notifications entitled “Your End Of The Year Account Status,” purporting to come from ASB Bank Limited, are created by cybercriminals to lure ASB customers to a fake login website that’s designed to collect their online banking credentials.“ACCOUNT NOTIFICATION, This is to informed you that your End Of The Year profile needs to be updated. Please kindly CLICK HERE the ASB Bank link to Update your account, or visit your nearest ATM,” the bogus notifications, provided by millersmiles.co.uk, read.
Users who fall for it and click on the link are taken to a webpage that replicates the FastNet login page provided by ASB to customers.
In this particular case, the cybercriminals have compromised the site of an Indian official to host a script that redirects victims to the phishing page.
The phishing page is flagged by browsers as being malicious, but the crooks will likely relocate it to a different domain to keep the operation alive.
Be sure to avoid such emails. If you’ve already provided your details, be sure to contact ASB immediately.