Phishing: Targeting The Two-factor Authentication Of Malaysian Banks

By: MicroWorld Technologies Inc
Malaysian Phishing attack
Malaysian Phishing attack
Spread the Word
Listed Under

* Phishing
* Malaysian Banks
* Escan

* Technology

* Novi - Michigan - US

NOVI, Mich. - Nov. 14, 2017 - PRLog -- In the past few days, we have been observing phishing spams targeting a host of Malaysian Banks under the garb of tax refunds. Although it is not new for the scammers to host one phishing site which provides a variety of choices for their intended victims.

The scammers have targeted the email systems of a well-known health organization in the US and by using an open proxy server accessed the OWA (Outlook Web Access) and logged on with the stolen credentials to send out spam emails.

The scammers are using a URL shortner so as to not raise any suspicions.

The phishing page has been designed to target as many Malaysian Online Banking users as possible.

All of us are aware that clicking on the individual bank links would show us the individual phish login pages, however, this time around the scammers/hackers have gone one step ahead and have been actively targeting the Two-factor Authentication Code (TAC). This entire phishing attack is done in real-time. The victims would provide their login credentials to the phishing site and the attackers would be logging on to the actual banking site.

Lately, banks are relying on the Two-factor Authentication and so are the scammers. The phishing site would present to its victims the TAC page, waiting for the actual bank to send the TAC to the victims and the victims, in turn, providing the TAC to the phishing site. This is one of the few phishing attacks which showcase the Man-in-The-Middle attack.

Indian Banks too have been implementing Two-Factor-Authentication for validating the online banking customers and coming few months we may observe criminals using the same tactics to targeting Indian Online Banking Customers.

eScan's Smart filter, a heuristic filter detects these phishing attempts with ease and in the past too we have demonstrated its capabilities. Moreover, eScan's Web Filter too detects these phishing pages and protects the users.


1: Check the URL

2: Ensure that the banking Login Page is HTTPS Enabled and it belongs to the said bank.

3: Using a powerful Internet Suite, like eScan on your computer systems and for your Mobile Devices would significantly reduce the chances of you failing a victim to such phishing attacks.

For further information:

MicroWorld Technologies Inc Orchard Hill Place,
Suite 600, Novi, MI 48375
Email:*** Email Verified
Tags:Phishing, Malaysian Banks, Escan
Location:Novi - Michigan - United States
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
eScan Anti-Virus News
Most Viewed
Daily News

Like PRLog?
Click to Share