An antispam researcher has uncovered a phishing scam that uses computers belonging to both a medical transcription outsourcing company and the Government of Malaysia. The scam was discovered by Bill Carton, an engineer based in San Diego who has spent the last 10 years as a volunteer antispam activist, shutting down bulk e-mailers in his spare time. Carton received an e-mail Friday morning that purported to be from eBay Inc.'s PayPal service.

It read like a standard phishing pitch: "It has come to our attention that your account information needs to be updated," the e-mail said. "If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service."

What was unusual, however, was the fact that the link in the e-mail was to a fake PayPal site hosted by servers in the Malaysian government's gov.my domain. "This one was interesting because of the Malaysian angle. A government server usually gets my attention," Carton said. Closer investigation revealed that computers from another trusted source had been used to send out the phishing e-mail.

This is not the first time that the gov.my Web site been used by phishers, according to Laudanski. It has been used at least four other times since April of this year to spoof brands such as Chase, Citibank, and eBay, he said.

Our checks reveal that the .gov.my servers which are referred to in the above article belong to JAKIM [http://www.islam.gov.my/] and Majlis Perbandaran Kajang [http://www.mpkj.gov.my/]. Apparently they were alerted about the breach by this blogger and removed the offending page from their servers about one month back. The damage however has already been done.

[ Links : JAKIM phishing page report ]

Your Name:

Your Email Address:

Your Homepage:

Rate this article:
Poor Great

Comment:

BOLD

"QUOTE"

UNDERLINE