Phishing: cats and mice
Date: January 06, 2007Source: securitypronews.com
Since anti-phishing measures can involve analyzing the content of a page to determine if it is a phish or not, some criminals have shifted to Flash to evade their notice.
The cat and mouse game continues between scammers and those who would thwart their phishing schemes. Anti-phishing technology has been built into web browsers and provided as toolbars for people, which has caused the criminals to start escalating the technology side of their efforts.
F-Secure cited a couple of URLs as examples in their blog post about the Flash phish. The examples replicated PayPal's pages; PayPal and eBay have long been favorites among phishers.
If someone is fooled by the site and logs in to the fake PayPal, the next screen opens with a request for credit card information like card number and expiration, the CVV number from the back of the card, the PIN used for ATM transactions, and the name on the card.
The two recent examples of Flash phishing have been shut down following F-Secure's notifications to their hosts that the sites were engaging in criminal activity.
Add comment Email to a Friend