Over the past few days we have been observing phishing spam targeting a host of Malaysian banks under the garb of tax refunds. It is not new for scammers to host a single phishing site that offers a variety of choices to their intended victims.
The scammers targeted the email systems of a well-known health organization in the US: using an open proxy server, they accessed OWA (Outlook Web Access), logged on with the stolen credentials, and sent out the spam mails.
All of us are aware that clicking on the individual bank links shows the individual phishing login pages. This time, however, the scammers/hackers have gone one step further and are actively targeting the Two-factor Authentication Code (TAC). The entire phishing attack is carried out in real time: victims provide their login credentials to the phishing site, and the attackers use them to log on to the actual banking site.
Lately, banks have been relying on two-factor authentication, and so have the scammers. The phishing site presents its victims with the TAC page and waits for the actual bank to send the TAC to the victim, who in turn provides the TAC to the phishing site. This is one of the few phishing attacks that showcase the Man-in-the-Middle attack.
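Because the attackers log on to the actual banking site themselves, the relay can show up on the bank's side as one source address completing login and TAC entry for several unrelated accounts in a short time. The sketch below is an added example, not eScan's or any bank's code; the log layout, the event names LOGIN_OK and TAC_OK, the thresholds and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real bank logs): time, source IP, account, event.
# LOGIN_OK and TAC_OK are hypothetical event names.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:05", "203.0.113.7", "acct-1001", "LOGIN_OK"),
    ("2024-01-01T10:00:50", "203.0.113.7", "acct-1001", "TAC_OK"),
    ("2024-01-01T10:01:00", "198.51.100.20", "acct-2001", "LOGIN_OK"),
    ("2024-01-01T10:01:40", "198.51.100.20", "acct-2001", "TAC_OK"),
    ("2024-01-01T10:02:30", "203.0.113.7", "acct-1002", "LOGIN_OK"),
    ("2024-01-01T10:03:10", "203.0.113.7", "acct-1002", "TAC_OK"),
    ("2024-01-01T10:05:00", "198.51.100.20", "acct-2002", "LOGIN_OK"),
    ("2024-01-01T10:05:30", "198.51.100.20", "acct-2002", "TAC_OK"),
    ("2024-01-01T10:05:45", "203.0.113.7", "acct-1003", "LOGIN_OK"),
    ("2024-01-01T10:06:20", "203.0.113.7", "acct-1003", "TAC_OK"),
    ("2024-01-01T11:29:00", "203.0.113.7", "acct-1004", "LOGIN_OK"),
    ("2024-01-01T11:30:00", "203.0.113.7", "acct-1004", "TAC_OK"),
]


def find_relay_sources(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {ip: sorted accounts} for source IPs that completed login and
    TAC entry for at least min_accounts distinct accounts within one window."""
    logged_in = set()                 # (ip, account) pairs with a successful login
    completions = defaultdict(list)   # ip -> [(time, account)] in time order
    for ts, ip, account, event in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "LOGIN_OK":
            logged_in.add((ip, account))
        elif event == "TAC_OK" and (ip, account) in logged_in:
            completions[ip].append((when, account))

    flagged = {}
    for ip, items in completions.items():
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            accounts = {acct for _, acct in items[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in find_relay_sources(SAMPLE_EVENTS).items():
        print(ip, accounts)
```

Shared addresses such as corporate gateways or carrier NAT will also concentrate many customers behind one IP, so the window and account threshold need tuning against normal traffic before any alert is acted on.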
Indian banks too have been implementing two-factor authentication to validate online banking customers, and in the coming few months we may observe criminals using the same tactics to target Indian online banking customers.
eScan's Smart filter, a heuristic filter, detects these phishing attempts with ease, and we have demonstrated its capabilities in the past. Moreover, eScan's Web Filter also detects these phishing pages and protects users.