Phishing: Targeting the Two-factor Authentication of Malaysian Banks

In the past few days we have been observing phishing spams targeting a host of Malaysian Banks under the garb of tax refunds. Although it is not new for the scammers to host one phishing site which provides a variety of choices for their intended victims.

The scammers have targeted the email systems of a well-known health organization in the US and by using an open proxy server accessed the OWA (Outlook Web Access) and logged on with the stolen credentials to send out spam mails.

eSca 2

The attached document shows the following message:

eScan 3

The scammers are using a URL shortner so as to not raise any suspicions

eScan 1

The phishing page has been designed to target as many Malaysian Online Banking users as possible.


All of us are aware that clicking on the individual bank links would show us the individual phish login pages, however this time around the scammers/hackers have gone one step ahead and have been actively targeting the Two-factor Authentication Code (TAC). This entire phishing attack is done in real-time. The victims would provide their login credentials to the phishing site and the attackers would be logging on to the actual banking site.

Lately banks are relying on the Two-factor Authentication and so are the scammers. The phishing site would present to its victims the TAC page, waiting for the actual bank to send the TAC to the victims and the victims in turn providing the TAC to the phishing site. This is one of the few phishing attacks which showcase the Man-in-The-Middle attack.

Indian Banks too have been implementing Two-Factor-Authentication for validating the online banking customers and coming few months we may observe criminals using the same tactics to targeting Indian Online Banking Customers.

eScan’s Smart filter, a heuristic filter detects these phishing attempts with ease and in the past too we have demonstrated its capabilities. Moreover, eScan’s Web Filter too detects these phishing pages and protects the users.


  • Check the URL
  • Ensure that the banking Login Page is HTTPS enabled and it belongs to the said bank.
  • Using a powerful Internet Suite, like eScan on your computer systems and for your Mobile Devices would significantly reduce the chances of you failing a victim to such phishing attacks.
  • Identify phishing emails, such mails are filled with countless grammatical errors and are often written in awkward English.
  • Never respond to emails or messages from unknown sender that have “undisclosed recipients” in the address line.
  • Do not click on the link mentioned in the mail, if required type it in another browser tab to see what it contains.
  • If at all you happen to click such a link and see a request for your banking credentials or other details for any kind of verification or updating purpose, do not enter your personal or financial information.
  • Be careful and avoid providing information related to your credit card, bank account numbers or passwords to any unknown site or a fake site. Most Internet e-mails are NOT secure.
  • Never get carried away by genuine-looking website that contains identical looking logos, pictures and banners.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: