Saturday 5 October 2013

Emerging trends in Email Phishing Scams

(PRWEB) February 26, 2004

These scams aim to steal recipients’ personal and financial details in what is known as Phishing. Phishing is a term used to describe the act of assuming the identity of a legitimate organisation or web site, using forged email and/or web pages, with a view to convincing consumers to share their user names, passwords and personal financial information so that it can be used to commit fraud. This is also often referred to as Identity Theft.

Following Microsoft’s patch of its Internet Explorer products to plug the bug which allowed code to open a forged page while showing the genuine URL in the address bar (URL Spoofing or Cloaking), we are seeing new methods to trick unsuspecting surfers into interacting with the spoof emails and forged web pages…

We are seeing spoof emails that contain quite complex JavaScript commands to force the email program to display genuine URLs in the status bar while the cursor ‘hovers’ over the link to the bogus web page. Spoof emails are usually written in HTML, which allows links to be written with genuine-looking text. Email recipients should be aware that the text of a link in an HTML message is no indication of where the link actually leads; just think of the ‘click here’ links that you see in many web pages. Manipulating the status bar message bolsters the genuine feel, and for those who rely on what they see in the status bar, this could spell lots of trouble.

The other worrying trend lies in the fraudsters’ continued attempts to serve up forged web page content in a way that leads the viewer to think it is genuine. “We are seeing more and more instances of script commands that will initially send your browser to a page with no content, but just script which triggers the opening of two new pages (you will most likely not even notice this happening). Of the two pages, the first will be one of the genuine site’s pages and the second is opened with address, tool and status bars coded out (removed).” This gives the viewer the impression that the second browser window is a pop up which is directly related to the first window, when in actual fact it is the mechanism used to grab users’ information by way of a forged web form to complete.

Recent examples of this kind of setup include the MBNA Bank Email Scam (http://www.millersmiles.co.uk/identitytheft/022304-MBNA-phishing-scam.php), an eBay Phishing Scam (http://www.millersmiles.co.uk/identitytheft/022304-ebay-phishing-scam.php), a PayPal Phishing Scam (http://www.millersmiles.co.uk/identitytheft/022204-paypal-1.php) and Citibank (http://www.millersmiles.co.uk/identitytheft/022104-citibank.php).
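For mail filtering or triage, the three tricks described above (link text that names one host while the link leads to another, script that writes status bar text, and pop ups opened with the address, tool or status bar removed) can be flagged directly in a message's HTML. The scanner below is an added example, not part of the original release; the names PhishMarkupScanner and scan are hypothetical, and the sample message, the .test host and the 203.0.113.7 address are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that is itself a URL or bare hostname; group 1 is the host shown to the reader
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)
# Script that assigns status bar text, and window.open() features that hide browser bars
STATUS_WRITE = re.compile(r"\b(?:defaultStatus|status)\s*=\s*['\"]", re.I)
HIDDEN_BAR = re.compile(r"\b(?:location|toolbar|status)\s*=\s*(?:no|0)\b", re.I)

class PhishMarkupScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._in_script = [], None, False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        if tag == "a":  # remember the real target and start collecting visible text
            self._href, self._text = dict(attrs).get("href") or "", []
        for name, value in attrs:  # inline handlers such as onmouseover
            if name.startswith("on") and value:
                self._scan_js(value, name)
    def handle_data(self, data):
        if self._in_script:
            self._scan_js(data, "script")
        elif self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        self._in_script = False
        if tag == "a" and self._href is not None:
            shown = URLISH.match("".join(self._text).strip())
            real = (urlparse(self._href).hostname or "").lower()
            if shown and real and shown.group(1).lower() != real:
                self.findings.append(("link-mismatch", shown.group(1).lower(), real))
            self._href = None
    def _scan_js(self, code, where):
        if STATUS_WRITE.search(code):
            self.findings.append(("status-bar-write", where))
        if "open(" in code and HIDDEN_BAR.search(code):
            self.findings.append(("chrome-hidden-popup", where))

def scan(html):
    scanner = PhishMarkupScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample message body (not taken from a real scam email)
SAMPLE = """<a href="http://203.0.113.7/verify" onmouseover="window.status='https://www.genuine-bank.test/'; return true">https://www.genuine-bank.test/login</a>
<script>window.open('http://203.0.113.7/form', 'w', 'toolbar=no,location=no,status=no');</script>
<a href="https://www.genuine-bank.test/help">click here</a>"""
```

A ‘click here’ link produces no link-mismatch finding because its text names no host to compare against, so a clean result from this check does not show that a link is genuine.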

See http://www.MillerSmiles.co.uk for more on Spoof Email Phishing Scams and tap into the daily email scam news feed through http://www.millersmiles.co.uk/millersmiles.xml

Mat Bright

25th February 2004






