In a real-time phishing attack, the fraudsters capture the banking credentials and authentication information when the User enters details onto the Business eBanking system. The stolen credentials are then immediately used to open a session on the authentic bank website in order to commit fraud.
Sometimes the hackers use fake sites that look like Danske Bank’s website. If the User goes to the fake site (for example, via a link in an email) and enters the authentication details, the hackers will receive that information and use it to go to the real website and log on to the Business eBanking system. Meanwhile, the User is watching a “Please wait…” page.
Real-time phishing attacks are also performed through computers infected with malware. The infected computer sends the authentication information to the hacker, who will use it to log on to the Business eBanking system. Meanwhile, the User is once again watching a “Please wait…” page.
Vishing is somewhat similar to Phishing except the fraudster phones their intended victim, usually purporting to be a service provider (such as a bank) which the intended victim uses, asks them to reveal information. It is not uncommon for fraudsters to make a number of calls trying to gather small pieces of information each time. For instance an apparently regular call during which they simply find out where you have your bank account, followed a week or so later with a call during which they introduce themselves as being from your bank.
If you decide that you want to call the caller back to authenticate the call you should always ensure that you source the number from your own records and ensure that the original connection with the caller has been terminated (you can do this by using a different phone or phoning someone else you know first).