Phishing attacks are on the rise in the UAE; Mashreq (bank) appears to be the prime target. Take a look at the below screenshots for some of the more recent samples.

Figure 1 – Mashreq bank phishing email

Figure 2 – HSBC phishing email

Figure 3 – Llyods TSB phishing email

Figure 4 – Abu Dhabi Commercial Bank – ADCB phishing email

The attack targeting Mashreq customers is out of the ordinary. It does not link back to any external phishing page but instead provides an html page as an attachment and looks quite convincing. The attachment is done nicely that fetches images and other html elements directly from the official website – mashreqbank.com. Once the victim fills in the login information, it is emailed to the attacker using the free formbuddy.com web to mail gateway – a simple yet effective trick that even demonstrates how virtual screen keyboard security control deployed by Mashreq can be bypassed.

Figure 5 – Fake Mashreq bank login page attached with the phishing email

The cyber criminals behind Mashreq bank phishing attacks were likely responsible for the incident reported today in the local daily, Gulf News. It is a shame that the bank did not pickup on the series of transactions which were likely scheduled beforehand; even worse is the fact that it denied all liability. Certainly there are several technical controls that could have been placed by the bank in this case to avoid such an incident in the first place.

Bottom line: how does an average person protect against  such threats ? Nothing beats simply staying alert and not responding to a seemingly legitimate email request that calls for any action resulting in having to send login credentials over the Internet. Combine this with use of a computer system that can be deemed trustworthy and you have reasonable assurance that you are protected.