tel: +2348055401551 (sms, whatsapp)
skype: tokunboajewole

Zenith Bank Plc Internet banking login alert: an analysis of a scam email

Yesterday, I sent a mail to Zenith Bank Plc, with an attachment - a document that analyzed a scam email a friend of mine received about his "supposed" account in Zenith Bank (my friend didn't have an account in Zenith).

See below:

=======================================================

Dear sir,
My name is [my name went here], a bona fide Nigerian citizen. I would like to bring to your attention a technical analysis of a scam email which a friend of mine received, and which we would like you to act upon as we are able to retrieve the email addresses of these scammers; perhaps they could be your customers.

Screenshot of the original Email:

Figure-1:

fig1

Figure 2: scroll over the link in the email:

fig2


Email Header screenshots:

Figure 3:

fig3


Figure-4:

fig4


The source of the original email is above.


Analysis: from figure-1
From the original email, this link: http://wwww.zenithbank.com/internetbanking/login/security.aspx?
redirects to: http://sophro-massages.com/wp-includes/images/smilies/maxi1.php

Meanwhile, filename 'maxi1.php' redirects to:
http://pousadaborboleta.com/1site/wp-includes/ID3/background/view.htm, a Google-reported forgery site.

Further analysis, walking back to the root at http://pousadaborboleta.com/1site/wp-includes/ID3/background, reveals the file structure below:

Figure-5:

fig5


fig6


The above domain is a WordPress site. Analysis of the above files (zenith.php and zenit1.php) reveals the email addresses below.

Figure-6:

fig7


Request: could you help and assist to check your customer database if any of the above email addresses map to any account numbers?

Warm regards,
[my name here]
[my phone number]

============

Remarks:

In my own opinion, our banking institutions are part of the larger problem of fraud and scams in Nigeria, and until they take it very seriously, there is no end in sight. Times without number, individuals who got arrested for fraud-related issues have been linked to an insider, a bank staff who knows the ins and outs, devises procedures and strategies to fleece people of their earnings.

And the rate at which nameless people can clone banking websites, deploy them without the bank knowing how many websites are linking back to theirs (could be a nice way to check the web for reversely malicious content) is quite alarming.

How can we curb, stop, put an end to the activities of scammers in our banking institutions in Nigeria? Your comments and opinions are welcome.
