fadzli.com | blog

 

phish me not – another malicious attempt to trick maybank2u

Have to admit, this is the best phishing page I have ever come across: the logo, the design, the real-time clock with date and time, and the timing, given that Maybank is currently planning a security update. This phish is a work of art, but too bad I’m not fooled easily.

Screenshot after the jump.

Always remember NOT to click any email from online banking. I know, but the content is seriously tempting. Maybank keeps informing me at login that they will update their security soon, so this email might be real. So I decided to click the link.

What a masterpiece. I couldn’t tell the difference for the first few seconds. But hey, I clicked this link at 12:46 AM, but the system time was showing 17:46 PM, so this server must be somewhere in Europe :) – ohh, and the URL is soooo obvious (to me at least), but I fear this won’t be noticed by most people.

I decided to enter a random username and password = hello.world / ph1sh1ngsucks and bingo, I’m logged in yo… Again, the page itself is very realistic.

The TAC page just won’t work; a separate window will pop up but nothing will happen. You won’t get any SMS. I guess that is not the ultimate intention. If I were the one creating this, clicking request TAC would open a real M2U site login page and, who knows, maybe some unlucky chap would navigate through that pop-up window to generate a TAC for me. God forbid… that would be too clever.

Now back to the main page: enter whatever shit TAC number you want and you will be presented with another set of questions.. CVV? Ha ha ha.. I filled all this in just for fun. My credit card expires when we reach Wawasan 2020 yo..

Click continue and that’s it folks, you just got phished by this site. Do take note of the advice there. Don’t log in for the next 24hrs or your account will explode.

I’ve done my duty by blogging and tweeting this. Also reported the issue to the Maybank fraud hotline 03-58914744. Hopefully they can work with the internet authority to bring this site down. Also reported to Google by clicking the option Help / Report Web Forgery.

I suggest you do the same. Let’s make the internet a much safer place.




1 Comment »

Comment by dirn
2011-03-02 15:51:29

Interesting… I’ll check my Gmail to see whether I’m getting the email or not. Just wonder, how did they get our email address in the first place???

 
