Saturday, September 25, 2021
Home Technology Online Security Raiffeisen Bank Phishing hacking attack on websites

Raiffeisen Bank Phishing hacking attack on websites

If you landed on this post dealing with Phishing scam on WordPress sites of Hostgator / Bluehost or custom made PHP sites because you might also have received a warning from your hosting company to “suspend your hosting” account. In this post we will address how to deal with such scams and hacking attacks.

Symptoms of the Raiffeisen Bank Phishing Hack

In most situations the victims never know this unless they are notified by the hosting company. You may get a warning email where you get a strict deadline to clear the malicious code from your website or face suspension.

Sample warning email for suspension from Hostgator for violating Security policy due to Phishing caused by hackers.

Or you may also have noticed new URLs in your Google Webmaster tools or might have received warning in your Webmaster console regarding hacking or phishing issues.

Basically, the issue is caused due to some malicious hackers who have broken into your website though security loopholes and built pages on your site that are an identical replica of some other sites. In this case some hacker has replicated the look of the Netbanking login page of Raiffeisen Bank and using it to dupe people. The pages may look something like this.

Raiffeisen Bank phishing scam by hancing wordpress sites.

How to fix this and protect your Hosting account?

  1. Normally the first thing you should do is to contact your hosting company and request them for a hacking / malware attack security scan on the website. They won’t do it otherwise if they don’t feel that its a serious need. When they complete the scan they will provide you with a list of infected files you need to delete. Refer to the email screenshot above.
  2. Then login to your Cpanel or Hosting Manager and go to the File Manager section. It might be in the /.well-known/acme-challenge directory. Look for the following files and delete them completely.
    Infected files in Bank Phishing hacking
  3. After that search the entire hosting accounts for file names like otp.php or login.php or smskod.htm to find if more such files exist in other directories of the site.
    See the example below on how searching for one of the infected file names helped me find out where else the infected files have copied themselves.
    find more instances of the infected files

Most Popular

Abacus for Kids FAQs

What is Abacus? Abacus is a "counting frame" or a very old calculating device that helps us to do mathematical...

Organic Food and Its Importance for Our Health and Our Planet

Food constitutes one of the pillars of human survival, besides being a source of our energy. Over the years of evolution, food...

List of Organic Vegetables Price in Delhi from Organic Food Suppliers

After facing the pandemic and realizing the need to build strong immunity in our bodies, we today witness a strong push towards...

Top Gift Ideas To Celebrate This Christmas Day With Your Family

Christmas is celebrated every year on the 25th of December. It brings joy and cheers to our life. People celebrate Christmas to...


I have started a new project called the Indic Dictionary. This will cover popular household words in India and what they are called in various languages. Eventually, I will make this an easy to use app where where people can easily find something like “hing in English” or “Tea Tree Oil in Hindi” or “carrom seeds in Urdu”.