
SEVERITY: Medium
CATEGORY: Phishing
ANALYSIS SUMMARY
Following the previous two phishing campaigns that spoofed Summit Bank and Bank Al-Habib, the streak of attacks on bank employees in Pakistan continues with two new campaigns. This time the attackers spoofed Faysal Bank’s internet banking site and Standard Chartered Bank. The email claiming to come from Faysal Bank looks like this:
Clicking “Click Here Now” redirects users to a malicious URL that looks very similar to the legitimate Internet Banking site of Faysal Bank. An unsuspecting user isn’t likely to differentiate between the fake and the original site.
The second campaign of the day fakes the identity of Standard Chartered Bank and has targeted more than a hundred bank employees in Pakistan. The email pretending to come from Standard Chartered Bank looks like this:
The hyperlink in this email also redirects to a URL that again looks similar to the legitimate site.
However, this time the site asks for more information than just credentials. Once the information is provided, the user is redirected to the login page of the bank’s original website without being logged in.
Impact
Credential Theft
Exposure of Personal Information
Indicators of Compromise
URLs
https[:]//cbd9[.]net/images/query/faysalmobit/faysalmobit[.]php
http[:]//blayzercommerce[.]com/wp-content/themes/twentysixteen/schartered/schartered[.]html
Email Address
noreplymobit[@]faysalbank[.]com[.]pk
iBanking[.]Pakistan[@]sc[.]com
Email Subject
Faysal Bank Account Locked
Standard Chartered Bank – Account Locked
Remediation
The number of these phishing campaigns targeting bank employees in Pakistan and spoofing the identity of banks has now reached four. It is advised to strictly avoid opening irrelevant or unexpected emails, attachments and URLs, even if the source looks as legitimate as a financial organization.
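One way to check mail gateway records against the indicators listed above, as an added example that is not part of the original advisory. The function names, the choice to match on URL host rather than full path, and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators copied from this advisory.
IOC_URLS = [
    "https[:]//cbd9[.]net/images/query/faysalmobit/faysalmobit[.]php",
    "http[:]//blayzercommerce[.]com/wp-content/themes/twentysixteen/schartered/schartered[.]html",
]
IOC_SENDERS = ["noreplymobit[@]faysalbank[.]com[.]pk", "iBanking[.]Pakistan[@]sc[.]com"]
IOC_SUBJECTS = ["Faysal Bank Account Locked", "Standard Chartered Bank – Account Locked"]

def refang(value):
    """Turn the advisory's '[.]', '[:]' and '[@]' notation back into plain text."""
    return re.sub(r"\[([.:@])\]", r"\1", value)

def norm_subject(subject):
    """Lowercase, drop reply/forward prefixes, unify dash variants and spacing."""
    subject = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    subject = re.sub(r"[\u2010-\u2015-]", "-", subject)
    return re.sub(r"\s+", " ", subject).strip().lower()

HOSTS = {urlsplit(refang(u)).hostname for u in IOC_URLS}
SENDERS = {refang(a).lower() for a in IOC_SENDERS}
SUBJECTS = {norm_subject(s) for s in IOC_SUBJECTS}

def match_message(sender, subject, body):
    """Return the sorted list of indicator types this message matches."""
    hits = set()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        # Assumption: compare the parsed host (or a subdomain of it), so a
        # listed domain appearing only in a path or query is not a hit.
        if any(host == h or host.endswith("." + h) for h in HOSTS):
            hits.add("url_host")
    if sender.strip().lower() in SENDERS:
        hits.add("sender")
    if norm_subject(subject) in SUBJECTS:
        hits.add("subject")
    return sorted(hits)

# Constructed sample messages (sender, subject, body), not real traffic.
SAMPLES = [
    ("noreplymobit@faysalbank.com.pk", "Faysal Bank Account Locked",
     "Click Here Now: " + refang(IOC_URLS[0])),
    ("hr@example.org", "FW: Standard Chartered Bank - Account Locked", "see below"),
    ("it@example.org", "Patch window", "Notes at https://example.org/cbd9.net/notes"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], match_message(*sample))
```

The second sample shows a forwarded copy with a plain hyphen still matching the subject indicator, which is useful for finding employees who passed the message on.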