Based on SlashNext findings, PhishWP employs superior techniques, resembling stealing the OTP despatched throughout a 3D Safe (3DS) test. By capturing this code, attackers can impersonate customers, making their fraudulent transactions seem legit.
“With the OTP in hand, cybercriminals bypass one of the vital safeguards in digital transactions, making their fraudulent actions look alarmingly legit to each banks and unwitting consumers,” Soroko stated. “Many individuals have been skilled to imagine that one-time passcodes (OTP) assist a system to be safer, however on this case, they’re merely handing over the keys to their adversary.”
Different key options provided with the plugin embody customizable checkout pages, auto-response emails, multi-language help, and obfuscation choices.
