Security Incidents mailing list archives
Re: New phishing style? Give them real links except for one
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 17 Mar 2004 12:00:07 +1300
Brandon Gotch/"Liteforge Developing" to "Robert C. Auch":
> Interesting, I've seen a few of these before though ...
Yes -- it has become a somewhat popular approach over the last few weeks. Robert's description though, did not quite go far enough... _If_ you click on the actual "phishing" link (and the one most who are gullible enough to be taken in by such a scam would click on will be the "click _here_ to verify your details" one and that is the one that goes to the phishing page) you are taken to a _blank_ page that pops up a "login" dialog and (almost instantaneously) redirects the blank page behind the pop-up to the actual site. (I'm assuming this is what happened in this case as the phishing page had been taken down by the time I saw this thread, but the message Robert reported was very similar to others I've seen that have used the described approach.)
> I think the most clever one I've seen though has to be the one using the multitude of unprintable characters in the link, which made it harder to see on the page. (When you hovered over the link it showed up as a valid PayPal link.)
Yeah, but they only "work" if the victim's browser is buggy _and_ hasn't been patched for that problem (MS and Mozilla have both addressed this -- from memory, the then-current versions of Opera were not vulnerable to the "unprintable characters in the URL" tricks). This "new" trick works so long as the victim is stupid enough to have scripting enabled in their browser (and, of course, all those possibly gullible enough to fall for this will...).

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
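A defender-side sketch of the two patterns discussed in this thread: a message whose links all point at one site except for one, and control characters hidden in a URL. It is an added example, not code from the thread; the function names, the last-two-labels host grouping and the sample message are assumptions constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Raw or percent-encoded control characters (0x00-0x1F, 0x7F) inside a URL.
CONTROL = re.compile(r"[\x00-\x1f\x7f]|%(?:[01][0-9A-Fa-f]|7[Ff])")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def site(url):
    """Group a URL by host: an IP literal as-is, else the last two labels.
    Simplification for this sketch; real code needs the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower()
    if host.replace(".", "").isdigit():
        return host
    return ".".join(host.split(".")[-2:])

def odd_links(html):
    """Return {href: [reasons]} for web links that deserve a closer look."""
    collector = LinkCollector()
    collector.feed(html)
    hrefs = [h for h in collector.hrefs if urlsplit(h).scheme in ("http", "https")]
    findings = {h: ["control characters in URL"] for h in hrefs if CONTROL.search(h)}
    majority, count = (Counter(map(site, hrefs)).most_common(1) or [("", 0)])[0]
    # The outlier test only means something when one site clearly dominates.
    if count >= 2 and count > len(hrefs) / 2:
        for h in dict.fromkeys(hrefs):
            if site(h) != majority:
                findings.setdefault(h, []).append("host differs from other links")
    return findings

# Constructed sample message (reserved example domain and documentation IP).
SAMPLE = """<p><a href="https://www.paypal.example/">Home</a>
<a href="https://www.paypal.example/help">Help</a>
<a href="https://www.paypal.example/privacy">Privacy</a>
Click <a href="http://192.0.2.7/verify%01%00">here</a> to verify your details.</p>"""

if __name__ == "__main__":
    for href, reasons in odd_links(SAMPLE).items():
        print(href, "->", "; ".join(reasons))
```

The outlier check is a triage heuristic: legitimate mail often links to more than one site, so a hit is a reason to inspect the link, not a verdict.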