ok, ran through their page, apart from the recaptcha, nothing else to worry about.

and for the record, using recaptcha on a bank login page is plain dumb.

It is super easy.

Coupled with installing Cerberus app on an unsuspecting phone, I can even read or send sms from my computer/phone

Note: Cerberus is a legitimate app but could be easily misused.
Let's take this as a scenario:

1. You went overseas for holiday bringing your phone with you. Someone knew you are not in the country.

2. Scammer goes to police station and make a report saying lost IC (pretending as you).

3. Using the police report, goes to make a temporary IC.

4. Using temp IC and police report, makes a report with telco to get them reissued a replacement sim card.

5. You realised your phone cannot use while you were in overseas. You didn't bother because you think you will sort it out when u come home.

6. Scammer can get banks to reissue a new CC, or if they already have your username and password, you GG because now any new sms from banks to you will be sent to the replacement sim card which is being held by the scammer.

7. See how powerful if someone gets your Phone Number?? A chain is only as strong as the weakest link. The phone number is the weakest link!

*Happened to my friend's dad* A big foreign bank in Malaysia who is famous with issuing CCs wanted to sue my friend's dad* The suit was thrown out eventually.