First published: 26th November 2014
The website of the local police in Nachueak, Mahasarakham, Thailand has been taken over by criminals to host phishing redirects. Yui Kee became aware of the break in when an obvious phishing email for a Malaysian online bank was received. The link provided for logging in went to http://www.nachueak.mahasarakham.police.go.th/media/kunena/index.htm which in turn redirected to http://e40.pl//wp-content/plugins/mbbssl/mbbssl/M2ULogin.doaction=Login.html, which is a fake login page for Maybank2U.
Unfortunately, that is not the only fraudulent redirect on the police website. The home page of the site, http://www.nachueak.mahasarakham.police.go.th/ redirects to http://santiagolanches.com.br/mbbssl/mbbssl/M2ULogin.doaction=Login.html which is another reported attack page.
Users can protect themselves, firstly, by not following links in emails. Secondly, be aware that the visible text of a link may be different to the actual link destination, and use software that allows you to see the underlying link - for example, when hovering the cursor over the link, the destination is shown in the status bar. Thirdly, for important websites (such as online banking), type the address into your browser yourself. Fourthly, check the identity of the website, in this case, the real Maybank2U website looks similar to the fake page, but the site has a valid SSL certificate, which the browser indicates by highlighting the name of the site owner in green on the address bar. Further information about the certification is shown on hovering over the green block.
IT Security teams in large organisations need to remember that they should monitor small branch offices, that may have a much lower understanding of online threats.