D-Mart Phishing Attack

With each passing day, businesses see more and more malicious emails in their inboxes, which can be dangerous for their websites and the users visiting them. Phishing attacks keep evolving as attackers find new ways to lure victims and take advantage of their data. Phishing is an online attack disguised in an email, so that the recipient is tricked into reading the message and clicking on a link or providing bank details. Cyber-attacks date back to the 1990s, and phishing is still one of the most widespread attacks, carried out through phishing messages and newer techniques. A lot of companies are targeted, and many users fall victim to these attacks nowadays.

The most recent phishing scam to hit the social circuit is the ‘D-Mart Anniversary Celebration’ message. D-Mart, a renowned store in India, is the latest company to be hit by the scam, as its name was used for this attack. The viral message was as follows:

“D-Mart is giving FREE INR 2,500 shopping voucher to celebrate its 17th anniversary, click here to get yours: http://www.dmart?ndia.com/voucher , Enjoy.”

This was a type of Homoglyph Attack, in which a deceptive link is circulated that resembles the original domain name but has some characters changed, so that it looks almost like the original.

In D-Mart’s case, the URL used for phishing was http://www.dmart?ndia.com/voucher instead of the original URL, which is http://www.dmartindia.com/

Now, if you look closely, the attacker has replaced the letter “i” with “I”, which is a letter used in almost all Cyrillic alphabets.

What exactly is a Homoglyph Attack?

A Homoglyph Attack is a form of deception that fools users with a phony domain, luring them to visit a website that resembles the original domain. The attack involves script spoofing and homograph domain name spoofing, which use letters and numbers that look alike. When a user clicks on such a link, the page is redirected to another website that asks the user for personal information along with payment details; this is where the user falls victim to the attack.

For example, a regular user of example.com may be lured to click a link where the Latin character “a” is replaced with the Cyrillic character “a”.
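
The example.com substitution described above can be caught mechanically. The following Python example is added here for illustration and is not code from the original post or from ESDS VTMScan; the function names, the small `CONFUSABLES` table and the sample URLs used with it are constructed assumptions. It flags host labels that mix scripts and hosts that collapse to a protected domain once look-alike characters are mapped back to ASCII.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of look-alike characters (assumption for this example);
# real tooling would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

def decode_label(label):
    """Turn a punycode (xn--) label back into the Unicode text a user sees."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Scripts of the letters in a label, read from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Replace every known look-alike with the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def check_url(url, protected):
    """Return findings for the host in url; an empty list means nothing was flagged."""
    raw = urlsplit(url).hostname or ""          # hostname is already lower-cased
    labels = [decode_label(part) for part in raw.split(".")]
    host = ".".join(labels).lower()
    findings = []
    for label in host.split("."):
        found = sorted(scripts(label))
        if len(found) > 1:                      # e.g. Latin and Cyrillic in one label
            findings.append(f"mixed scripts in {label!r}: {', '.join(found)}")
    skel = skeleton(host)
    if skel != host:                            # at least one look-alike was replaced
        for real in protected:
            if skel == real or skel.endswith("." + real):
                findings.append(f"look-alike of {real}")
    return findings
```

A look-alike built from a single script, such as a Latin dotless “ı” in place of “i”, passes the mixed-script test and is caught only by the skeleton comparison, which is why both checks are run.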

Recently, Jet Airways was in the news for suffering the same kind of attack, but ESDS’ web security scanner, ESDS VTMScan, detected these phishing scams in both cases by zeroing in on their origins. Created by the Homoglyph Attack Generator, the link in the scam ad is a very smartly created cheat domain. If you have already opened such a URL, it would be better to change your passwords.

How can we protect ourselves from Phishing Attacks?

These basic steps will ensure that you are safe and protected from Phishing attacks:

  1. Being sensible when it comes to phishing attacks is more than enough to avert any kind of further disaster. Checking your mails and browsing online smartly will definitely ensure that you are safe and far away from falling victim to any kind of phishing attack.
  2. Staying vigilant when you see a shortened link is also important, because attackers use these kinds of links to trick you into thinking that you are clicking on a legitimate link.
  3. If any email you receive looks suspicious, it is better to ignore it and delete it before it causes any further harm.
Shubham Kale