Department of Islamic Development Malaysia is hosting PayPal Phishing Site?!
I was shocked when I discovered a PayPal phishing site is hosting under Department of Islamic Development Malaysia(Jabatan Kemajuan Islam Malaysia) website. :shock:
The website: Islam.gov.my
Department of Islamic Development Malaysia site is officially developed by Malaysia government since 1996. It is using a Malaysia top-level domains — gov.my, which is exclusively for Malaysian government organizations.
The PayPal phishing site
The PayPal phishing site is hosting under http://www.islam.gov.my/online/cgi/.
Screenshot: PayPal phishing site hosting under Jabatan Kemajuan Islam Malaysia website. [full screenshot]
Here are the list of phishing pages discovered:
- http://www.islam.gov.my /online /cgi /webscr_cmd=_login-run/
- http://www.islam.gov.my/ online /cgi /webscr_cmd=_login-run /primapagina.htm
- http://www.islam.gov.my/online /cgi /webscr_cmd=_login-run /sysdll.php
Info: What is PHISHING?
My two cents
Since the website of Department of Islamic Development Malaysia is using exclusive domain name, chances are the website has been hacked or a webmaster build the phishing site…
I have send this to the webmaster and administrative contact. Hopefully, they will clear the phishing site as soon as possible. It is a bad reputation that Malaysia government website is hosting a phishing site…
Update: Both email delivery to webmaster and administrative contact are failed! This is bad. :(
Update: It has been fixed. Thanks to everyone who notified the related parties.