It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack

Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers.

Victims lured to a certain page on the Lanka Government Network website at lgn2.gov.lk will be swiftly redirected to a phishing site hosted by the Rajshahi Metropolitan Police in Bangladesh (rmp.gov.bd).

The phishing site hosted on a Bangladesh Police website.

It is unlikely that either government is consciously hosting a phishing attack in unison like this, especially on a website belonging to a police force – although this should certainly make the crime easier to investigate.

Many phishing sites and other web-based types of cybercrime are hosted on compromised servers, and that looks likely to be the case in this instance. Last month, the homepage of lgn2.gov.lk was defaced by a group identifying itself as Cyb3r Drag0nz, indicating that they had gained unauthorised access to the web server.

This article has been indexed from Netcraft

Read the original article: