Bank of America phishing hack

95 Comments / Blog / By

phishing02.jpg
Salam to all my readers. Well, I believe some of you already know what is a phishing. According to Wikipedia,

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

In a simple word, my blog server, AdlanKhalidi.com has been hacked with a phishing attack. Out of nowhere, the hacker has installed Bank of America phishing page into my themes folder. Check the screen shot.
[singlepic=322,320,240,,center]
Personally and honestly, I don’t know how it works and I don’t really care about it. So, let me tell you how it happens.

Thursday, February 5, 2009
On my way back home from UIA, I received a call from Robot regarding a phishing activity. He wanted to confirm with me whether I know about it. I told him I have nothing to do with it.

I’ve checked my email with the subject ‘Security Alert’ from my hosting admin. Eventually, Bank of America has contacted JARING to inform about one of the server (AdlanKhalidi) has a phishing site. They asked me to redirect the site to a AntiPhishing website.

But then, after I’ve redirected the lenghty URL, it doesn’t work. I believe that the hacker has install some script that stops the URL redirect.

Friday, February 6, 2009
My entire blog server was blocked. I’m unable to view my blog and my server.

Sunday, February 8, 2009
Just before I wrote this entry, I’ve tried to delete the whole phishing folder inside my server. Guess what? It can’t be deleted, the server log said that: Permission denied.
phishing02.jpg
So, I’ll have to ask for my hosting Master Admin to help me delete all those nasty folders.

Lesson: Increase the security of your password

Guess this is one of the lesson I should have taken earlier. My original password is way too easy. Its going to take less than 30 minutes for someone to hack into my server. So, some of the tips in choosing a password are:
-At least 8 characters in length
-At least 1 number
-At least 1 special character
-Upper and lowercase.

Read more about Good Password Tips and Password Management.

I hope this thing won’t happen again. It may happen to anyone of us. Is there any Malay term for phishing? Can I suggest ‘Panching’ or ‘Pancheng’ as a translation for it to DBP?

95 thoughts on “Bank of America phishing hack”

  1. zelo55

    tu la bro…
    yg pling penting clear smua history n cookies lps browse dr mne2…
    even dr comp sndri..
    ak pon pnh kne…
    siap trtukar password akaun aku…
    nsb baik leh kontrol blik dr cpanel…
    klau x…
    masak….

    zelo55 latest post: Lawak Hari Sabtu.

    Reply
  2. zelo55

    tu la bro…
    yg pling penting clear smua history n cookies lps browse dr mne2…
    even dr comp sndri..
    ak pon pnh kne…
    siap trtukar password akaun aku…
    nsb baik leh kontrol blik dr cpanel…
    klau x…
    masak….

    zelo55 latest post: Lawak Hari Sabtu.

    Reply
    1. myadlan

      sebelum ni memang da tau da. banyak kes Maybank2u dan CIMB jadi phishing site. tapi tak sangka plak kali ni sendiri jadi ‘penaja’ tak rasmi phishing site omputih ni..

    1. myadlan

      sebelum ni memang da tau da. banyak kes Maybank2u dan CIMB jadi phishing site. tapi tak sangka plak kali ni sendiri jadi ‘penaja’ tak rasmi phishing site omputih ni..

    1. myadlan

      you are welcome. takde hal. saja sharing2 dgn kawan2 supaya berhati2 di alam siber ni..hehe
      kalo pakai blogspot, insyaAllah tak jadi nye. kalo tak nanti Google kena saman!

    1. myadlan

      you are welcome. takde hal. saja sharing2 dgn kawan2 supaya berhati2 di alam siber ni..hehe
      kalo pakai blogspot, insyaAllah tak jadi nye. kalo tak nanti Google kena saman!

  9. omar s

    owh…nice info.scary giler kner bender nih..tpi biasernyer mender ni adalah hobi phisher2. tujuan adalah utk menguji sekuriti yg mereka sendiri develop…tol tak?

    ~dlm bahasa melayu mungkin “digodam”

    omar s latest post: Apakah?

    Reply
    1. myadlan

      yep. hacked tu boleh diterjemah sebagai digodam. tapi untuk ‘phishing’ camne plak kan..?

      tapi memang pelik la kalau developer wordpress sendiri yg test power. wat la kat blog orang lain. apahal aku yg jadi mangsa plak? hobi yg menyusahkan orang je..

  10. omar s

    owh…nice info.scary giler kner bender nih..tpi biasernyer mender ni adalah hobi phisher2. tujuan adalah utk menguji sekuriti yg mereka sendiri develop…tol tak?

    ~dlm bahasa melayu mungkin “digodam”

    omar s latest post: Apakah?

    Reply
    1. myadlan

      yep. hacked tu boleh diterjemah sebagai digodam. tapi untuk ‘phishing’ camne plak kan..?

      tapi memang pelik la kalau developer wordpress sendiri yg test power. wat la kat blog orang lain. apahal aku yg jadi mangsa plak? hobi yg menyusahkan orang je..

    1. myadlan

      apa nak risau.. ko kan ada ramai kawan2 kat internet ni. pasti diorang boleh membantu. especially minta bantuan webhosting tula. time ni baru leh tengok kepakaran diorang nak handle2 benda camni..

    1. myadlan

      apa nak risau.. ko kan ada ramai kawan2 kat internet ni. pasti diorang boleh membantu. especially minta bantuan webhosting tula. time ni baru leh tengok kepakaran diorang nak handle2 benda camni..

  17. johnnabes

    wow..sampai camtu skali payahnye nak solve..mmg bahaya ek..harap2 x kene,kalau nasib x baik karang meraung x sudah la nanti nye..huhuhu

    Reply
    1. myadlan

      haha. ko pakai blog friendster.. pasti selamatnya.. kalo tak, nanti macam ari tu la time friendster kena hack.. mesti sume orang meraung!

  18. johnnabes

    wow..sampai camtu skali payahnye nak solve..mmg bahaya ek..harap2 x kene,kalau nasib x baik karang meraung x sudah la nanti nye..huhuhu

    Reply
    1. myadlan

      haha. ko pakai blog friendster.. pasti selamatnya.. kalo tak, nanti macam ari tu la time friendster kena hack.. mesti sume orang meraung!

    1. myadlan

      ntah la TG.. aku pun tak mengerti..

      tapi kes phishing banyak la berlaku kt orang2 yang tak arif pasal keselamatan siber ni..

      dan jugak utk orang2 yg alpa n cuai utk logout kalau guna kat public computer seperti kat cybercafe

    1. myadlan

      ntah la TG.. aku pun tak mengerti..

      tapi kes phishing banyak la berlaku kt orang2 yang tak arif pasal keselamatan siber ni..

      dan jugak utk orang2 yg alpa n cuai utk logout kalau guna kat public computer seperti kat cybercafe

    1. myadlan

      huhu.. nothing really special apart of low security features.. wordpress is easy to hack. that’s what i’ve learnt from this incident

    1. myadlan

      huhu.. nothing really special apart of low security features.. wordpress is easy to hack. that’s what i’ve learnt from this incident

    1. myadlan

      haha. memang la duit tak keluar. tapi saje. cambest ada domain sendiri.. hehe

      saya kenal dgn robot sejak 2006 lagi time join program taaruf week kt UIA. actly kalo search nama ‘robot’, memang banyak kali bleh jumpa dlm blog ni.. hehe

    1. myadlan

      haha. memang la duit tak keluar. tapi saje. cambest ada domain sendiri.. hehe

      saya kenal dgn robot sejak 2006 lagi time join program taaruf week kt UIA. actly kalo search nama ‘robot’, memang banyak kali bleh jumpa dlm blog ni.. hehe

Leave a Comment

Your email address will not be published. Required fields are marked *