Often wondered how exactly they works?
I understand the fake website to get the username/password ... but what then?
They can't create a beneficiary or do anything with the OTP/cellphone?
I know the new way is to intercept - but I thought this was only recently?
How did they do phishing in the past - or have they always needed to intercept?