NBK Phishing Scam - Investigated
MY K, from MY K Blog, wrote about a National Bank of Kuwait (NBK) phishing scam.
The scam works by sending you an email telling you to go to a seemingly valid banking site and update your account number and PIN code. The site is fraudulent: it sends the personal information you just entered to the fraudsters, who will later log on to your account and try to transfer money out of it.
I did a little investigation and read the source code of the NBK fraudulent site. I found some clues such as the signature niarB, which is Brain in reverse. Searching around, I found some more information about this elusive Brain. It turns out that Brain is a group of Moroccan fraudsters calling themselves Mr. Brain. They offer phishing/scam kits on the Internet that allow you to set up a fraudulent site that looks like a popular bank's page. When the poor victim enters his information, that information is sent to the fraudsters who used Mr. Brain's tools. A copy is also sent to the Moroccan Mr. Brain team. More information about this scheme can be found at Trend Micro's site and also at Netcraft's site.
In addition to Mr. Brain's signature found in the source code, there is also an encoded string that represents the email address. The string is "245616c647881696e30384067617761622e636f6d". It is probably the email address of the fraudster.
I did not bother to decode it, but if NBK wants to, they can always catch the Mr. Brain team and they can explain everything to them.
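For anyone examining the source of a kit like this, the sketch below (an added example, not code from the fraudulent site or from this post) scans page source for long hex runs and reports any that decode to an email address. It tries both nibble alignments, because an obfuscated string does not always start on a byte boundary; the sample source, addresses and function names are constructed for illustration.

```python
import re

HEX_RUN = re.compile(r"[0-9a-fA-F]{16,}")  # long runs only, to skip colours and short ids
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def decode_hex_run(run):
    """Return [(nibble_offset, email)] for each alignment that decodes to an address."""
    hits = []
    for offset in (0, 1):  # a stray leading digit shifts every byte by one nibble
        body = run[offset:]
        body = body[: len(body) - len(body) % 2]  # bytes.fromhex needs an even length
        text = bytes.fromhex(body).decode("latin-1")  # latin-1 maps every byte, never raises
        match = EMAIL.search(text)
        if match:
            hits.append((offset, match.group(0)))
    return hits

def find_encoded_emails(source):
    """Scan page source and list every hex run that hides an email address."""
    found = []
    for run in HEX_RUN.finditer(source):
        for offset, email in decode_hex_run(run.group(0)):
            found.append({"position": run.start(), "nibble_offset": offset, "email": email})
    return found

# Constructed sample, not the real page: one cleanly encoded address, one with a
# stray leading digit, and an unrelated MD5-style value that must not be reported.
_CLEAN = "drop@example.test".encode().hex()
_SHIFTED = "7" + "copy@example.test".encode().hex()
SAMPLE_SOURCE = f"""<!-- niarB -->
<form action="update.php" method="post">
<input type="hidden" name="k1" value="{_CLEAN}">
<input type="hidden" name="k2" value="{_SHIFTED}">
<input type="hidden" name="sum" value="d41d8cd98f00b204e9800998ecf8427e">
</form>"""

if __name__ == "__main__":
    for hit in find_encoded_emails(SAMPLE_SOURCE):
        print(hit)
```

An address recovered this way is worth passing to the impersonated bank and to the mail provider's abuse desk, since it is where the stolen credentials are delivered.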