How your Maybank2u account might get hacked
Truth be told, this is not a hacking guide but an exposé of a phishing scam targeting Maybank2u users.
To many, phishing, the act of tricking you into handing over your login particulars to another person, might count as a 'hack', although it actually is not.
I will not go into details of naming this tactic, but see for yourself.
*Do note that I think this way of phishing would not work anymore, and in fact I think it doesn't work at all. Please leave a comment if you think otherwise. 🙂
1) It starts off with a warning email saying that you need to log in to your account, usually with a link for you to click. Although this is not new, I bet users who are new to the Internet or new to online banking might fall for it.
Why it's fake : Look at the content of the email; usually it is not correct at all. Technically there is no such IP address as 767.998.x.x (each of the four parts of an IPv4 address can only range from 0 to 255), and a bank will not send out an email containing 'conforming verifying' without proofreading it.
2) The link sends you to a login page, but of course it is not the real Maybank2u.com website. Even the screen is an old design, which is why I think this scam is old and might not be working at all.
Why it's fake : It is not the real website, and there is no SSL (the lock icon in your browser) indicating that it's a secure site. Try logging in with a fake ID and any password; most likely you will still see the next page.
3) After submitting your login and password, you see a TAC screen?
Why it's fake : You have not even requested a TAC, and it's asking you for one.
4) All of a sudden you are logged out after submitting the TAC. Well, some smart guy will ask you not to log in to your account for a few hours.
Why it's fake : Even well before this point I guess it looks fishy, right? And now the process suggests the author could just be a script kiddie.
5) If you go to the main site, of course it is not the bank's website.
Why it's fake : It's a personal website! Most likely the website was hacked and the scripts were planted there to act as a middleman that passes on the login information, so that the real Slim Shady behind the job cannot be located.
6) Try tracing back along the URL path, and the webserver lists its files.
Why it's fake : It looks like a dormant site. Most files were last updated in 2007, while the phishing files were updated recently.
7) Trace deeper down the road.
Why it's fake : The files were copied from somewhere else; this bankofamerica thing reveals that the same script could have been used for other banks too.
8) View the page source and see where the data is posted.
Why it's fake : It's posting to another website, so this personal website is only one layer of deceit.
9) Now visit the second website, and it leads to the website of a manufacturing company?
Why it's fake : You don't need to be told that this website deals only with machines, not money. So it's another website with planted scripts.
10) Trace the script and the game is revealed. The username and password are emailed to the hacker.
Why it's fake : Need I say more?
I’m not good in PHP, but could someone see if the TAC is sent to the
From my observation, the hacker probably would not be able to actually hack into the account and do anything damaging without the TAC, but he/she has got the passwords to two webservers/websites so that the scripts could be planted there. The scripts could probably have been copied elsewhere too.
While this is not something new, if the script works, real damage could be done, maybe not to you but to others.
Please beware, and warn others who you think might fall for such traps. (Like your dad or mum or grandpa or grandma?) 🙂
One last thing, if you’re the owner of the two websites that got hacked, please remove the files and change your password.
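The tell-tale signs from steps 1, 2 and 8 can be checked automatically. The following is an added example, not part of the original post: it flags impossible IPv4 addresses in an email body and password forms that are served without HTTPS or that post to a different host. The sample email, the URLs and the `.example` hosts are constructed placeholders, not the real sites.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed samples modelled on the post (hosts are placeholders, not the real sites).
SAMPLE_EMAIL = "Your account was accessed from IP 767.998.x.x. Please log in to verify."
SAMPLE_URL = "http://personal-site.example/m2u/login.htm"
SAMPLE_PAGE = """<form method="post" action="http://machinery-co.example/x/send.php">
<input name="user"><input type="password" name="pass"></form>"""


class FormScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None  # one dict per form: action + password flag

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current and (a.get("type") or "").lower() == "password":
            self.current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None


def impossible_ipv4_mentions(text):
    """Return dotted quads (masked 'x' parts allowed) that have a part above 255."""
    quads = re.findall(r"\b\d{1,3}(?:\.(?:\d{1,3}|[xX])){3}\b", text)
    return [q for q in quads if any(p.isdigit() and int(p) > 255 for p in q.split("."))]


def login_form_findings(page_url, html):
    """Flag password forms served without HTTPS or submitting to another host."""
    scanner = FormScanner()
    scanner.feed(html)
    page, findings = urlparse(page_url), []
    targets = [urlparse(urljoin(page_url, f["action"])) for f in scanner.forms if f["password"]]
    if targets and page.scheme != "https":
        findings.append("login page is not served over HTTPS")
    for t in targets:
        if t.scheme != "https":
            findings.append(f"credentials submitted without HTTPS to {t.hostname}")
        if t.hostname != page.hostname:
            findings.append(f"form posts to a different host: {t.hostname}")
    return findings
```

A form with a relative or empty `action` resolves to the page's own host, so a genuine HTTPS login page that posts back to itself produces no findings.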