Phishing on a Digital Binary Warning Abstract

Fresh Phish: A Roundup of Campaigns in the Wild

We’ve spotted three different phishing campaigns, each targeting specific clientèle of services they mimic.

For the purpose of brevity, we’ve only shown a sample for each campaign although there are several live pages for all.

As you may already know, dear Reader, phishing attempts usually start with unsolicited emails that generally alert users to take action, such as prodding them update their information under the pretext of fulfilling some security measure.

We advise you to take note of the following campaigns below and be wary of such mails arriving in your inbox, if not in your Spam folder.

USAA Phishing is Back

The United Services Automobile Association, or USAA, is a private organization that offers services such as insurance, banking, and investing to US military soldiers and their families.

This latest campaign pretends to have “upgraded” the user’s protection as part of its supposed security policies, and that users have to verify the their account by re-entering their information again. It asks for their SSN, PIN, verbal phone password, email credentials, and answers to secret questions.

This particular phish is hosted on a website that we believe have been compromised. As I write this, the website owners have already taken down the page.

If you or someone you know is a member of USAA, below are some helpful links you may want to peruse for your reference or refer them to. Visiting these pages will also help determine the steps to take if one have encountered a phishing page or email:

Related post: Steer Clear of USAA Phishing Campaigns

ICICI Bank Phishing

A notice to the ICICI Bank clientèle: several active phishing campaigns after you have been bouncing around on the net for a couple of days now.

And one can never be too careful when doing anything related to online banking, especially if he/she is serviced by one of the big four banks of India. Similar to the USAA campaign, this also asks users to update their records, particularly their names, credit card details, and date of birth.


click to enlarge

Once all information are provided, the phishing site posts them to a PHP page that is also hosted on the domain before redirecting users to a non-existent destination within the domain.

ICICI Bank also has its own Fraud page wherein clients can report incidences. Please visit the link or email

Phishers Home in on Seniors

Apart from con artists, there is another threat that older daters may want to look out for as well: fraudsters.

OurTime.Com, a legitimate dating website catering to single seniors 50 years and above, have become the target of phishers. According to a PEW Research Study in 2013, 50-plus online daters are more at risk when it comes to scams.

This is due to their general lack of awareness of the possible dangers they may encounter online.

The phish we found is served on what appears to be an abandoned and taken-over domain. Visiting the URL leads us to its open directory where we can see four more phishing campaigns and the destination page where harvested information are posted.

The OurTime phishing page asks for the user’s login credentials, which are their email address and password. Once provided, information are posted to post.php, and then users are redirected to the legitimate logout page of the said dating site.

Unfortunately, we couldn’t find any avenue wherein OurTime users can report fraud incidences. They do, however, have a contact page where users can post their questions.

Safe surfing, dear Reader, and careful what you click!

Jovi Umawing


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.