Wednesday, May 31, 2023
Home Technology Online Security Raiffeisen Bank Phishing hacking attack on websites

Raiffeisen Bank Phishing hacking attack on websites

If you landed on this post dealing with Phishing scam on WordPress sites of Hostgator / Bluehost or custom made PHP sites because you might also have received a warning from your hosting company to “suspend your hosting” account. In this post we will address how to deal with such scams and hacking attacks.

Symptoms of the Raiffeisen Bank Phishing Hack

In most situations the victims never know this unless they are notified by the hosting company. You may get a warning email where you get a strict deadline to clear the malicious code from your website or face suspension.

Sample warning email for suspension from Hostgator for violating Security policy due to Phishing caused by hackers.

Or you may also have noticed new URLs in your Google Webmaster tools or might have received warning in your Webmaster console regarding hacking or phishing issues.

Basically, the issue is caused due to some malicious hackers who have broken into your website though security loopholes and built pages on your site that are an identical replica of some other sites. In this case some hacker has replicated the look of the Netbanking login page of Raiffeisen Bank and using it to dupe people. The pages may look something like this.

Raiffeisen Bank phishing scam by hancing wordpress sites.

How to fix this and protect your Hosting account?

  1. Normally the first thing you should do is to contact your hosting company and request them for a hacking / malware attack security scan on the website. They won’t do it otherwise if they don’t feel that its a serious need. When they complete the scan they will provide you with a list of infected files you need to delete. Refer to the email screenshot above.
  2. Then login to your Cpanel or Hosting Manager and go to the File Manager section. It might be in the /.well-known/acme-challenge directory. Look for the following files and delete them completely.
    Infected files in Bank Phishing hacking
  3. After that search the entire hosting accounts for file names like otp.php or login.php or smskod.htm to find if more such files exist in other directories of the site.
    See the example below on how searching for one of the infected file names helped me find out where else the infected files have copied themselves.
    find more instances of the infected files

Most Popular

List of Best English Speaking Institutes in Delhi

If you want to improve your English language skills, you might wonder where to begin. With so many English language institutes in...

Top 10 Coding Competitions for Kids: Junior Coding Championships worldwide

If your child has been into coding and app development recently and you wish to show off their coding skills then enrol...

Turn on Less Secure Apps in Google Workspace Gmail accounts

Sometimes a developer needs to send emails from Gmail or Google Workspace email account or mail server from their website or app....

Construction Financing: Everything You Need to Know

Thinking about building a new home? Construction financing can help. In this article, we will help you figure out...


I have started a new project called the Indic Dictionary. This will cover popular household words in India and what they are called in various languages. Eventually, I will make this an easy to use app where where people can easily find something like “hing in English” or “Tea Tree Oil in Hindi” or “carrom seeds in Urdu”.