Yesterday, I sent a mail to Zenith Bank Plc, with an attachment - a document that analyzed a scam email a friend of mine received about his "supposed" account in Zenith Bank (my friend didn't have an account in Zenith).
See below:
===============================================
Dear sir,
My name is [my name went here], a bona fide Nigerian citizen. I would like to bring to your attention a technical analysis of a scam email which a friend of mine received, and which we would like you to act upon, as we are able to retrieve the email addresses of these scammers; perhaps they could be your customers.
Screenshot of the original Email:
Figure 1:
Figure 2: scroll over the link in the email:
Email Header screenshots:
Figure 3:
Figure 4:
The source of the original email is above.
Analysis: from Figure 1
From the original email, this link: http://wwww.zenithbank.com/internetbanking/login/security.aspx?
Redirects to: http://sophro-massages.com/wp-includes/images/smilies/maxi1.php
Meanwhile, filename 'maxi1.php' redirects to:
http://pousadaborboleta.com/1site/wp-includes/ID3/background/view.htm, a Google-reported forgery site.
Further analysis, walking back to the root at http://pousadaborboleta.com/1site/wp-includes/ID3/background, reveals the file structure below:
Figure 5:
The above domain is a WordPress site. Analysis of the above files (zenith.php and zenit1.php) reveals the email addresses below.
Figure 6:
Request: Could you help and assist to check your customer database if any of the above email addresses map to any account numbers?
Warm regards,
[my name here]
[my phone number]
============
Remarks:
In my own opinion, our banking institutions are part of the larger problem of fraud and scams in Nigeria, and until they take it very seriously, there is no end in sight. Times without number, individuals who got arrested for fraud-related issues have been linked to an insider, a bank staff who knows the ins and outs, devises procedures and strategies to fleece people of their earnings.
And the rate at which nameless people can clone banking websites, deploy them without the bank knowing how many websites are linking back to theirs (could be a nice way to check the web for reversely malicious content) is quite alarming.
How can we curb, stop, put an end to the activities of scammers in our banking institutions in Nigeria? Your comments and opinions are welcome.