Numerous Maybank customers recently might have fallen into the trap of phishing emails. The emails were sent with an intention to steal the username and passwords of the customers. The phishing site was modulated in such a way that at every step an email containing the customer’s data was transmitted to the attacker via email. The email invited users to click on Maybank phishing websites and once the customer filled the phishing form and clicked on submit button, post entering the username and password, the details were immediately sent to the attacker.
In the five step process, attacker himself logs-in into the banking site, using the stolen credentials, meanwhile the bank sends the TAC to the victim’s contact number. The victim provides the TAC to the phishing page, which is received by the attacker via email and is able to complete the online verification process and hence gets complete access of the victim’s bank account. The attacker is free to carry swindler activities. In this real-time phishing attack, the victim is left clueless and cybercriminals can siphon off the money.
Cyber frauds can use this information and can even change the banking credentials to suck the money before the customer notices that he was been defrauded.