Another new phishing campaign against Bank of Ireland customers
by Maciej Makowski
Quick Sunday evening threat research: this feels like a bit of déjà vu – or maybe it’s a seasonal thing – last year, nearly exactly to the day, I wrote about a phishing campaign targeting Bank of Ireland users.
In an uncanny coincidence, a very similar, new phishing campaign just launched.
Malicious SMS messages are being sent from a spoofed BOI number, containing a link to a domain hosted in Ukraine on IP address 184.108.40.206 – created today…
The link won’t open in a desktop browser, as the website appears to validate the user agent and only allows access from mobile devices.
For the same reason, it also evades detection and scanning with urlscan…
But good old VirusTotal still detects it:
The same IP address hosts two more similar phishing websites:
A quick scan with Shodan reveals a total of 15 open ports – some of which allow direct connection to control panels for the fraudulent domains – not what you would expect to see on a legitimate Bank of Ireland domain, right?
The IP address belongs to Eranet, a Hong Kong hosting provider.
Their email address for reporting abuse is support(at)tnet.hk – going to send this article to them now and hopefully this fraudulent operation is taken down promptly.
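The user-agent gating described above is why a desktop browser and urlscan saw nothing; fetching the same URL under a desktop and a mobile user agent and comparing the responses exposes it. The following is an added example, not part of the original article: the User-Agent strings and the local stub server on 127.0.0.1 are constructed for the demonstration.

```python
import hashlib
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PROFILES = {  # constructed User-Agent strings for the two client profiles
    "desktop": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/92.0 Safari/537.36",
    "mobile": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148 Safari/604.1",
}

def fetch(url, user_agent, timeout=5):
    """Return (status, sha256 of body) for one GET with the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, hashlib.sha256(resp.read()).hexdigest()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, hashlib.sha256(err.read()).hexdigest()

def cloaking_report(url):
    """Fetch url once per profile; flag it when status or body hash differs."""
    results = {name: fetch(url, ua) for name, ua in PROFILES.items()}
    return {"results": results, "cloaked": len(set(results.values())) > 1}

class _StubHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in: /gated answers only mobile UAs, /plain everyone."""
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        ok = self.path == "/plain" or "Mobile" in ua
        body = b"<html>login form</html>" if ok else b"Not Found"
        self.send_response(200 if ok else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo():
    """Start the stub on a free local port and probe both paths."""
    server = HTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {p: cloaking_report(base + p)["cloaked"] for p in ("/gated", "/plain")}
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

Pages that embed per-request values (nonces, timestamps) will hash differently on every fetch, so on live content a differing status code is the stronger signal and a hash mismatch alone needs a manual look.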
About the Author:
Maciej Makowski - information security specialist with a strong background in criminal investigations and online safety. Spent nearly 13 years working as a police officer and cyber crime detective in An Garda Siochana, Ireland’s National Police and Security Service. Graduate of University College Dublin, also received professional qualification in data protection from the Law Society of Ireland. Experienced Axiom, Encase and FTK digital investigator, certified Cellebrite forensic mobile examiner. Author of osintme.com, a blog on open source intelligence and digital privacy.
The article was originally published at: https://www.osintme.com/index.php/2021/07/25/another-new-phishing-campaign-against-bank-of-ireland-customers/