According to SlashNext findings, PhishWP uses advanced tactics, such as stealing the OTP sent during the 3D Secure (3DS) test. By capturing this code, attackers can impersonate users, making their fraudulent activities appear legitimate.
“With the OTP in hand, cybercriminals bypass one of the most important safeguards in digital transactions, making their fraudulent activities look shockingly legitimate to both banks and unsuspecting consumers,” Soroko said. “Many people have been trained to believe that one-time passwords (OTP) help make a system more secure, but in this case, they’re just giving their adversaries the keys.”
Other important features offered by the plugin include customizable payment pages, auto-reply emails, multi-language support, and obfuscation options.
Source link