Identified a website this morning that poses as the Singnet email website to steal email credentials.
Apparently the website belongs to a company in China. I called up the contact person listed on their website and explained to them that their website has been compromised and is being used as a phishing site. The answer she gave, sadly, is that the company has gone on vacation (Chinese New Year) and won’t be able to deal with the problem until the holiday season is over.
This means that the site will remain online, phishing for email credentials over the Chinese New Year holiday. What a way to start the new year.
The hacking group probably understands that the holiday season for them is more than 2 weeks, and started the phishing site on the first day of the “Chinese migration”. Many companies are closed during this period, with staff leaving the city they work in and going back home for the celebration. This means that no IT staff or other personnel will be able to deal with this problem until the day they are back in the office. By that time, the damage could be more severe.
I can only see that their webserver has been compromised. However, if their email resides on the same server (shared hosting), then it is likely that all the emails can be read. This means potential exposure for their partners and customers. For their clients in the EU, this will be subject to penalties under GDPR, and under PDPA for Singapore.
Maintaining a secure infrastructure not only protects a business from cyber attacks, it also maintains your company and brand reputation. Incidents like this, which could compromise other companies’ data, are on the rise and very worrying.
*This issue has already been reported to the webhosting company, the owner of the domain/website, as well as the Singnet abuse team.
Update 20th February 2019:
The webhosting company responded by saying that they have informed the owner and the website has been removed.
We have also received an update from the Singtel abuse team that they have blocked the URL.
Update 28th February 2019:
Very appreciative of Singnet’s help in blocking sites that are identified as phishing. This is very swift. It was a report made to them earlier.
Such work is usually ignored by many internet service providers or hosting vendors.
Have recently contacted Let’s Encrypt to revoke a certificate issued by them that is being used on a phishing site served over HTTPS. They responded by saying that it is not their part to check if content is malicious and refused to revoke the certificate. Clearly not cooperative in eliminating phishing or scam websites on their part.
I will continue to do my part for the internet community even though I’m not receiving much support from some service providers globally. But given that Singnet has helped me in this case, I know that I’m on the right path and will continue to do what I think is right – eliminate phishing and scam websites.