Security Incidents mailing list archives

Re: New phishing style? Give them real links except for one


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 17 Mar 2004 12:00:07 +1300

Brandon Gotch/"Liteforge Developing" to "Robert C. Auch":

> Interesting,
> 
> I've seen a few of these before though ...

Yes -- it has become a somewhat popular approach over the last few 
weeks.  Robert's description though, did not quite go far enough...

_If_ you click on the actual "phishing" link (and the one most who are 
gullible enough to be taken in by such a scam would click on will be 
the "click _here_ to verify your details" one and that is the one that 
goes to the phishing page) you are taken to a _blank_ page that pops up 
a "login" dialog and (almost instantaneously) redirects the blank page 
behind the pop-up to the actual site.  (I'm assuming this is what 
happened in this case as the phishing page had been taken down by the 
time I saw this thread, but the message Robert reported was very 
similar to others I've seen that have used the described approach.)

> I think the most clever one I've seen though has to be the one using the
> multitude of unprintable characters in the link, which made it harder to
> see on the page (When you hovered over the link it showed up as a valid
> paypal link)

Yeah, but they only "work" if the victim's browser is buggy _and_ 
hasn't been patched for that problem (MS and Mozilla have both 
addressed this -- from memory, the then-current versions of Opera were 
not vulnerable to the "unprintable characters in the URL" tricks).  
This "new" trick works so long as the victim is stupid enough to have 
scripting enabled in their browser (and, of course, all those possibly 
gullible enough to fall for this will...).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
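The two patterns discussed in this thread (a message whose links all resolve to the genuine site except the one that matters, and a link whose true host is hidden behind unprintable characters) can be screened for mechanically on the receiving side. The script below is an added example, not code from the original post or from any product named here; it uses only the Python standard library, the e-mail body it scans is constructed for the demo, and the `example.net` host in it is a placeholder rather than a real phishing domain.

```python
"""Flag the odd-one-out link in an HTML e-mail.

Added example (not from the original thread).  Heuristics: most links in a
phishing mail point at the real site and one does not, or a link hides its
real host behind unprintable characters.  SAMPLE_EMAIL is constructed.
"""
import unicodedata
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            href, text = self._current
            self.links.append((href, " ".join(text.split())))
            self._current = None


def has_unprintable(url):
    """True if the URL carries control (Cc) or format (Cf) characters,
    e.g. zero-width spaces that make a hostile host look legitimate."""
    return any(unicodedata.category(ch) in ("Cc", "Cf") for ch in url)


def registrable_host(url):
    """Crude 'last two labels' host reduction; an IP literal is kept whole."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # urlsplit rejects some hostile netlocs outright
        return ""
    if host.replace(".", "").isdigit():
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


def analyse_links(html):
    """Return one finding per suspicious link: the href, its visible text
    and the list of reasons it stood out from the rest of the message."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [registrable_host(href) for href, _ in parser.links]
    counts = Counter(h for h in hosts if h)
    majority = counts.most_common(1)[0][0] if counts else ""

    findings = []
    for (href, text), host in zip(parser.links, hosts):
        reasons = []
        if majority and host != majority:
            reasons.append("host %r differs from the majority host %r" % (host, majority))
        if has_unprintable(href):
            reasons.append("unprintable characters in href")
        if _looks_like_url(text):
            shown = text if "://" in text else "http://" + text
            if registrable_host(shown) != host:
                reasons.append("visible text names a different host than the href")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: three genuine links, one look-alike "verify" link and
# one link whose host is padded with a zero-width space (U+200B).
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Please review our <a href="https://www.paypal.com/help">Help Center</a>,
<a href="https://www.paypal.com/security">Security Center</a> and
<a href="https://www.paypal.com/privacy">Privacy Policy</a>.</p>
<p>To keep your account active, click
<a href="http://www.paypal.com.verify.example.net/login">here</a> to verify your details.</p>
<p>Or visit <a href="http://paypal.com\u200b.example.net/">https://www.paypal.com/</a></p>
"""

if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The majority-host rule is deliberately simple: it works because the lure in this thread pads the message with links to the real site, so the one link that does not match stands out by counting alone. The zero-width check catches the class of trick Brandon describes regardless of whether the recipient's browser renders the characters.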

