Beware of MCB Phishing Email "URGENT MVR Required for your accounts"[UPDATED]
 |
| Phishing Email Screenshot |
Dear customer,
Your account(s) is no longer active as it has been suspended due to MVR (MCB Verification Requirements).
Your attention is required to activate your account now.
Activate Account Now(Link Removed)
Thanks and have a great day.
 |
| Fake Website of the Bank |
When the recipient clicks on the link provided, he/she is directed to a website looking like a legitimate MCB website where a banner having the official logo of the bank is displayed on the top of the scam webpage. Following the banner, there are several warning message which ask recipients to reactivate their account. Scrolling down, there is a form where recipients need to insert their credentials such as, USER ID, USER PASSWORD, TRANSACTION PASSWORD, EMAIL ADDRESS and EMAIL PASSWORD. After clicking on the activate button, the website is directed to a PDF file from the official website of the bank. But it seems that the PDF file is no more available on the bank's site causing the browser to freeze for around 5seconds and afterwards remaining blank. In the meantime, cybercriminals behind the phishing scam have already received your login credentials which they may use to transfer money.
We advise our readers to be alert. The email and the phishing website have been professionally designed, not leaving noticeable errors which can prove they are fakes. The only two ways to find out is to have a look at the URL, which is a porn website domain name and secondly in the email, “Thanks and have a great day.”, an official email will never use and informal way of thanking a recipient. If you think you have been a victim of this email, change your password as soon as possible and contact the bank.
We reported the email to The Mauritius Commercial Bank and received an automated reply where it stated "MCB will NEVER ask for your Internet Banking login and transaction passwords under any circumstances". This is already a confirmation that the email is a fake one.
UPDATE
Yesterday, 27 October 2014, we received confirmation from The Mauritius Commercial Bank that this is a phishing email. The content of the confirmation email goes as follows:
Dear Sir/ Madam
We acknowledge receipt of your e-mail dated yesterday, and thank you for escalating the issue to us.
This e-mail is indeed a scam whereby fraudsters aim at obtaining personal details of our customer, with the intention of carrying out fraudulent transactions on the customer’s accounts.
These fraudsters operate by sending e-mails that appear to come from the Bank.
The MCB requests you to disregard these bogus messages and not to respond to any instructions contained therein. Instead, Internet Banking customers should forthwith delete the messages.
IB customers who have responded to such messages are advised to change their password immediately and call the MCB on (230) 2026060 without delay.
May we remind you that access codes (be the “User IDs” or “passwords” for Internet Banking or “PIN” for credit and debit cards) are strictly personal and must not be revealed to third parties or used otherwise than in the appropriate authenticated environment.
Rest assure that all possible steps are taken to promptly ban the fraudulent domains and to inform our customers not to respond to these fraudulent attempts.
We reiterate our thanks for advising us of this issue and assure you of our best services at all times.