Fraudsters are impersonating online banking websites in order to gain unauthorised access to customers' emails. Most online banking phishing sites simply try to steal whatever credentials are required to gain access to a victim's bank account, but by also gaining access to the victim's email account, the fraudster can prevent the victim from receiving any email alerts regarding account activity.
With access to the victim's emails, the fraudster could also potentially net a much larger haul. These emails will indicate to the fraudster which other banks, shops, social networks and other online services the victim uses. The fraudster can then attempt to compromise the victim's accounts on these services by initiating password resets, which will be sent to the email address he now has access to. In some cases, the fraudster will also be able to change the password of the victim's own email account, thus locking him out and making him unaware that further compromises are taking place.