Spam: autoryzacja-mbank.com – additional review of your account

Phishing-socjotechniczna method of attack attempts like the first computers. Its origins date back to the years ' 90. According to Wikipedia, the history of the phishing started with AOL, which crackers have tried to steal from the portal users logins and passwords by sending them messages of type "confirm the information". Currently phishing provides more sophisticated methods and attack specific people, as a rule, having important or confidential data, documents or information relevant from the point of view of companies or even government-we are talking then about the spear phishing ( Ang. Spear-spear: phishing code). Methods of infiltration on the end. Probably the most advanced variant of phishing is a watering hole. This tactic does not reflect only the definition of phishing, but contains a phishing and spear phoshing.






Tactic watering hole (a tactic watering hole) is an effective way to penetration to larger companies and cybercriminals and hackers to infiltrate the smaller companies and subcontractors of third parties. This tactic has been defined in 2012 by RSA Security LLC and it involves attacking a specific group, organization, industry, region, and consists of three phases:

  • To predict or understand that Web sites often use a particular group.
  • Infection of a one or more of these malware pages.
  • As a result, computers belonging to the victims will be in the end of the infected.

Tactics of water makes it so that even groups that are resistant to spear phishing, and other forms of phishing will be at the end of zinfiltrowane. Use this strategy attacks drive-by download is very effective because users instinctively trust visited real websites. All this makes these attacks become more and more popular.

Phishing in mbank

It has come to our notice of subsequent attempts to extort from the customers data log confirming mbank. So it looks like that this campaign was launched some time ago about what he wrote Niebezpiecznik and it is possible that its effects are still reproduced by the same or other people trying to cash in on the naivety of ordinary citizens. The acquisition of e-mail bank customers was possible due to the use of an error in the script, forum Bank, which allowed to gain users ' email addresses, for example.

Development in error emails users you can get from your profile page, and to get all of it was enough to przeiterować the profile ID-niebezpiecznik.pl

And here is the content of the message:

Dear mbank!

Access to your account has been blocked, the reason for the lock is unauthorized access to your account (or any other version of spam-"savings account").

Due to the large amount of account thefts of our customers we perform additional authorization (or in another version of the spam-"additional verification").

To confirm please log in to your account, mBank (or in another version of the spam-"in order to verify please log in to your account mBank).

Click here to log in-> Page leads to hxxp://autoryzacja-mbank.com

The band's mBank.






Firefox and Chrome already block fake site. IE not yet. And for example antivirus message:










After entering the ID and password and logging in, followed by the "authorization", the transfer of your data to the con artists and redirect the client to the real login page to the Bank: https://online.mbank.pl/pl/Lo…

What to do if you have entered your details?

"The message was not sent from mbank. This is an attempt to trick you. Do not use the link attached to the message. When you receive messages, we recommend that you change all passwords for mbank, scan your computer with a virus scanner. If you use the link included in the message, you must submit a claim. Rules on the admission of complaint are described on the website: http://www.mbank.pl/o-nas/reklamacje.html -the mysterious Iwona mbank forum. "

Mbank customers about your safety can more read on this site.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.