
Net phishing through bangkokimmigration.co.th?



Posted (edited)

Don't know if it's a coincidence but I had a problem with signing in for a few days last weekend on TV and found today 5 different blocked attempts at net phishing on my computer and the source was bangkok.immigration.co.th!!!

Anyone know more about what the web address represents and how it can get through?

Edited by Felt 35
Posted (edited)

Can you be a bit more precise ?

Which program gave you these blocked messages ?

What was the exact message ?

Maybe also a good idea to scan your pc with some programs like:

HitManPro : http://www.surfright.nl/en/hitmanpro/

SuperAntiSpyware : http://www.superantispyware.com/download.html

MalwareBytes Antimalware : http://www.malwarebytes.org/mwb-download/

Not sure what you mean, but the phishing protection log in the internet security system I use shows me the latest attempt from this address. I have, as far as I can think of, not been into any webpages regarding immigration lately, but as probably many others here, downloaded and saved a few forms from the "real" immigration for use here in Thailand.

However if I look up bangkok.immigration.co.th a warning comes up from the security system.

Edited by Felt 35
Posted

I'd be interested, like MJCM, to know more about this 'phishing' attempt. What application/website you were connecting to when it occurred and what security app message was displayed.

Wikipedia: Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

What did the 5 blocked attempts as net phishing on your computer look like? Redirected to a fake web site? Real website with iFrame injection asking for User/Pass?

Are you SURE that it's from a co.th rather than a go.th TLD?

Assuming \\bangkok. is a machine name, immigration.co.th whois results:

Whois Server Version 2.1.2

Domain: IMMIGRATION.CO.TH
Registrar: T.H.NIC Co., Ltd.
Name Server: NS139.ICC-DNS.COM
Name Server: NS140.ICC-DNS.COM
Status: ACTIVE
Updated date: 23 Apr 2013
Created date: 4 May 2011
Renew date: 4 May 2014
Exp date: 3 May 2015
Domain Holder: Siam Legal Immigration Services Co., Ltd. ( บริษัท สยาม ลีเกิ้ล อิมมิเกรชั่น เซอร์วิสเซส จำกัด )
399 Interchange 21 Bldg., 23rd Flr, Sukhumvit Rd, Klongtoey
Wattana Bangkok
10110
TH

Tech Contact: 37732
Ideal Creation Center Co., Ltd.
35 ถ.โชติวิทยะกุล 2 ต.หาดใหญ่ อ.หาดใหญ่ จ.สงขลา x
90110
TH

>>> Last update of whois data: Fri, 14 Feb 2014 20:56:58 UTC+7 <<<
Posted

<snip>

Not sure what you mean, but the phishing protection log in the internet security system I use shows me the latest attempt from this address. I have, as far as I can think of, not been into any webpages regarding immigration lately, but as probably many others here, downloaded and saved a few forms from the "real" immigration for use here in Thailand.

However if I look up bangkok.immigration.co.th a warning comes up from the security system.

Which Internet Security System are you talking about or let me rephrase that, which program does give you this warning ?

Is it a warning like this

Ps: @Naam Good one !! Cover the basics

Posted

That is the official web site for Division 1 immigration and has nothing to do with Siam Legal registration of another web site listed above. There is no www before the name and it loads fine in my Firefox but do have pop-up blocked due to security settings.

Posted

.Go.Th is the official site and loads perfectly

.Co.Th seems to have problems

All very confusing, I must admit.

Posted (edited)

.Go.Th is the official site and loads perfectly

.Co.Th seems to have problems

All very confusing, I must admit.

Aside, the sites are operated by a bunch of privateers. There are open ports, services and so on. IT security is certainly not their strong suit.

Edited by JakeBKK
Posted

<snip>

Not sure what you mean, but the phishing protection log in the internet security system I use shows me the latest attempt from this address. I have, as far as I can think of, not been into any webpages regarding immigration lately, but as probably many others here, downloaded and saved a few forms from the "real" immigration for use here in Thailand.

However if I look up bangkok.immigration.co.th a warning comes up from the security system.

Which Internet Security System are you talking about or let me rephrase that, which program does give you this warning ?

Is it a warning like this


Ps: @Naam Good one !! Cover the basics

No, when checking the log in the Internet security it comes up, blocked attempted phishing, and the address I found under details.

Posted (edited)

I'd be interested, like MJCM, to know more about this 'phishing' attempt. What application/website you were connecting to when it occurred and what security app message was displayed.

Wikipedia: Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

What did the 5 blocked attempts as net phishing on your computer look like? Redirected to a fake web site? Real website with iFrame injection asking for User/Pass?

Are you SURE that it's from a co.th rather than a go.th TLD?


You're right. I have deleted the log but remember I copied the address, and when looked up a warning comes up about a potentially unsecure site. It was www.Bangkok.immigration.go.th

Edited by Felt 35
Posted

[...] Are you SURE that it's from a co.th rather than a go.th TLD? [...]

You're right. I have deleted the log but remember I copied the address, and when looked up a warning comes up about a potentially unsecure site. It was www.Bangkok.immigration.go.th

Usually Phishing attempts are not 'external' attacks, so no-one was trying to break into your system from the outside ...they were trying to break in from the inside, using you as their accomplice. These attempts are seen as official or authentic email with misdirected links, social media or forum posts with misdirected links, imposter websites at commonly mistyped URLs, or even wrong URLs redirecting to valid websites but containing iFrame injected forms asking you to provide critical information.

AntiVirus suites that guard against phishing usually have a database of known questionable and trojan domains and will create a log entry when its scanning algorithm hits a match, even if you decided to delete the unwanted email or retype the URL correctly.

If you can, when you come across these types of entries, try to remember what activity was occurring at the time. Of course when you come across it days later... anyway, lucky you your software saved you from yourself.

bangkok.immigration.go.th ....a phishing site? I don't think so. Any "attempting to acquire information" ... "(and sometimes, indirectly, money) by masquerading as a trustworthy entity" are usually made by immigration in person, aren't they?
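The co.th / go.th mix-up this thread keeps returning to, as an added example that is not part of any post and not any security product's code: it reduces a logged URL or hostname to its registrable .th name and flags names that match a trusted domain in everything except the second-level category. The trusted list (`immigration.go.th`, taken from the thread) and the sample entries are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Second-level categories under .th; a name is registered beneath one of them.
TH_CATEGORIES = {"ac.th", "co.th", "go.th", "in.th", "mi.th", "net.th", "or.th"}
# Assumption for this example: the one domain the reader treats as official.
TRUSTED = {"immigration.go.th"}

def registrable_domain(url_or_host):
    """Return (name, category) for a .th host, e.g. ('immigration', 'go.th')."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text            # let urlsplit treat a bare host as a netloc
    host = (urlsplit(text).hostname or "").rstrip(".")   # hostname is lowercased
    labels = host.split(".")
    if len(labels) < 3 or "" in labels:
        return None
    category = ".".join(labels[-2:])
    if category not in TH_CATEGORIES:
        return None                   # not a .th name this check understands
    return labels[-3], category       # machine names such as 'bangkok.' are dropped

def classify(url_or_host):
    parsed = registrable_domain(url_or_host)
    if parsed is None:
        return "unknown"
    name, category = parsed
    if f"{name}.{category}" in TRUSTED:
        return "trusted"
    for trusted in TRUSTED:
        t_name, t_category = trusted.split(".", 1)
        if name == t_name and category != t_category:
            return "lookalike"        # same name, different category (co.th vs go.th)
    return "untrusted"

# Constructed sample entries, in the shapes a protection log might record them.
SAMPLE = [
    "www.Bangkok.immigration.go.th",
    "http://bangkok.immigration.co.th/",
    "immigration.go.th.example.com/login",
    "example.co.th",
]

def report(entries):
    return {entry: classify(entry) for entry in entries}

if __name__ == "__main__":
    for entry, verdict in report(SAMPLE).items():
        print(f"{verdict:10} {entry}")
```

A "lookalike" verdict only says the name differs from the trusted one by category; it says nothing about whether the site is malicious, which is the distinction the posters were trying to pin down.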
