The computer emergency response team KZ-CERT announces the detection of a phishing link that imitates the official Kaspi.kz Internet resource.
On July 29 of this year, the KZ-CERT team received a report about a suspicious Internet resource that duplicates the official Kaspi.kz Internet resource, disguising itself under the domain name kaspi-bannk.com.
Specialists conducted a detailed analysis of this Internet resource and recorded the presence of phishing forms. Investigation of the information security incident showed that the domain name kaspi-bannk.com was registered on July 29 of this year.
A distinctive feature of this phishing link was that, on opening the page, the first thing shown was a registration / authorization pop-up window. Note that on the official Kaspi.kz resource, the first thing shown is the main page, where the online store is displayed.
As conceived by the fraudsters, cardholders needed to enter a trusted phone number and password. The user was then, without noticing it, sent to the loading.php page and, upon receipt of the SMS code, had to enter it, thus providing access to their accounts.
This Internet resource is classified by KZ-CERT as a “fraudulent Internet resource / Phishing on the Internet”.
Recall that earlier, on July 11 and 16 of the current year, the KZ-CERT Service detected phishing forms of the homebank.kz Internet resource, with a similar fraud scheme.
Taking into account the above, we urge all Kazakhstanis to pay attention to the domain name (entered in the search bar) and, if a suspicious Internet resource of this kind is discovered, to inform our specialists at the toll-free number 1400 (round-the-clock), send a request at http://www.kz-cert.kz/ru/form, or send an email to: firstname.lastname@example.org.
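The domain-name check urged above can be automated on a mail gateway or proxy log. The following is an added example, not KZ-CERT tooling: it treats kaspi.kz and homebank.kz as the official domains and flags any other host whose labels contain a brand name or a spelling within one edit of it (the threshold and the function names are assumptions).

```python
from urllib.parse import urlsplit

# Official domains named in the advisory.
OFFICIAL = ("kaspi.kz", "homebank.kz")
MAX_EDITS = 1  # assumed threshold for "near miss" spellings of a brand


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare host."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Official only if the host IS the domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    brands = [d.split(".")[0] for d in OFFICIAL]
    # Split every DNS label on hyphens: "kaspi-bannk" -> "kaspi", "bannk".
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for brand in brands:
        if any(edit_distance(t, brand) <= MAX_EDITS for t in tokens):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs; only kaspi-bannk.com comes from the advisory.
    for sample in ("https://kaspi.kz/", "http://kaspi-bannk.com/loading.php",
                   "kaspi.kz.login.example", "homebannk.kz", "https://example.org/"):
        print(f"{sample:40} {classify(sample)}")
```

Matching on the suffix of the host rather than on a substring is what keeps a host such as kaspi.kz.login.example from being accepted as official.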