TrendLabsSM recently spotted a phishing site that specifically targets Public Bank of Malaysia’s clients. Public Bank is one of Malaysia’s leading financial institutions that operate in other parts of Asia as well, including Hong Kong, China, and Cambodia.
The phishing page mimics Public Bank’s official login page to make users believe that it is the legitimate site.
Accessing the fake URL leads users to the phishing page where they are asked to enter their user names and passwords. Upon entering these, they are redirected to another page wherein they are asked to enter their PACs—unique system-generated six-digit authentication code numbers. After entering their PACs, the phishing site notifies users that they can now access their accounts. However, these tactics are all just a ruse so that the cybercriminals behind this phishing attack can steal the customers’ online banking credentials.
In an effort to warn the bank’s clients, TrendLabs’ regional partners in Asia/Pacific have informed the organization’s administrators.
Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by preventing access to the phishing site via the Web reputation service.