Wednesday, June 22, 2005

Phishing Variants: Popups and Visual Spoofing

If you're at all concerned about the rampant epidemic of phishing emails sweeping the Internet, here are a couple of additional approaches to be aware of:

Popup scams: (and the usual security sites) are reporting that most current browsers are susceptible to popup scams. That is, a malicious site uses JavaScript to pop up a window in front of a legitimate web site (say, The popup appears to be linked to the legitimate site and challenges the user for credentials (or other sensitive data). A typical user might assume the popup is legitimate, since it appears over the backdrop of the real site. Rest assured, it's not: it's a scam. Real sites will authenticate you on the secure page itself.

Visual spoofing: Netcraft reported this scam a year or so ago and it's still something to consider. The basic visual spoof uses JavaScript to launch a new browser window without the traditional scrollbars, menus, toolbars, etc. (the classic example of this is a popup ad banner). The spoof then uses images to replace the missing browser chrome, so that the address bar, navigation buttons, "secure page" lock, and so forth all appear exactly as they would on a genuine secure page. Skeptical and want to see an example? Don Park has a good demo of visual spoofing here.
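Both tricks above depend on a window that a script opened over another site, usually with the browser's own chrome suppressed. The following is an added example, not code from the original post or from the sites it mentions, showing the two checks a defender can run: an audit function that tells you whether a `window.open()` feature string found in a third-party script asks for a chromeless popup (it follows the HTML Standard's "popup window requested" algorithm, which I am assuming is what today's browsers apply; 2005-era browsers differed), and a check a login page can run on its own window to refuse a credential prompt that was launched by another window or has its address bar hidden. The window-like objects in the usage are constructed stand-ins for a real `window` so the code runs outside a browser.

```javascript
// Tokenise a window.open() feature string into a {name: value} map.
// Separators are commas and whitespace; a bare name means "yes".
function parseWindowFeatures(features) {
  const result = {};
  for (const token of String(features).split(/[\s,]+/)) {
    if (!token) continue;
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : token.slice(eq + 1).trim().toLowerCase();
    result[name] = value;
  }
  return result;
}

// Boolean feature parsing as browsers do it: empty, "yes" and "true" enable;
// otherwise a non-zero integer enables and anything else disables.
function parseBooleanFeature(value) {
  if (value === '' || value === 'yes' || value === 'true') return true;
  const n = parseInt(value, 10);
  return Number.isFinite(n) && n !== 0;
}

// Chrome elements with the default the HTML Standard assigns when a feature
// string names other features but not this one.
const CHROME_DEFAULTS = {
  location: false, toolbar: false, menubar: false,
  resizable: true, scrollbars: false, status: false,
};

function featureIsSet(parsed, name) {
  return Object.prototype.hasOwnProperty.call(parsed, name)
    ? parseBooleanFeature(parsed[name])
    : CHROME_DEFAULTS[name];
}

// Which chrome elements would the feature string leave hidden? These are the
// gaps a visual spoof paints over with images.
function suppressedChrome(features) {
  const parsed = parseWindowFeatures(features);
  if (Object.keys(parsed).length === 0) return [];          // plain window, full chrome
  return Object.keys(CHROME_DEFAULTS).filter((name) => !featureIsSet(parsed, name));
}

// HTML Standard: is a popup (chromeless) window being requested?
function isPopupRequested(features) {
  const parsed = parseWindowFeatures(features);
  if (Object.keys(parsed).length === 0) return false;
  if (Object.prototype.hasOwnProperty.call(parsed, 'popup')) {
    return parseBooleanFeature(parsed.popup);
  }
  if (!featureIsSet(parsed, 'location') && !featureIsSet(parsed, 'toolbar')) return true;
  if (!featureIsSet(parsed, 'menubar')) return true;
  if (!featureIsSet(parsed, 'resizable')) return true;
  if (!featureIsSet(parsed, 'scrollbars')) return true;
  if (!featureIsSet(parsed, 'status')) return true;
  return false;
}

// Defender-side check for a login page: list the reasons this window should
// not show a credential form. `win` is a window or a window-like object
// exposing opener, locationbar.visible and toolbar.visible (all real DOM
// properties). An empty array means the context looks like a normal tab.
function assessLoginContext(win) {
  const reasons = [];
  if (win.opener) reasons.push('opened-by-another-window');
  if (win.locationbar && win.locationbar.visible === false) reasons.push('address-bar-hidden');
  if (win.toolbar && win.toolbar.visible === false) reasons.push('toolbar-hidden');
  return reasons;
}

// Usage with constructed inputs (not real captured scripts):
const spoofFeatures = 'width=400,height=300,toolbar=no,location=no,status=no';
console.log(isPopupRequested(spoofFeatures), suppressedChrome(spoofFeatures));

const popupOverSite = { opener: {}, locationbar: { visible: false }, toolbar: { visible: false } };
const normalTab = { opener: null, locationbar: { visible: true }, toolbar: { visible: true } };
console.log(assessLoginContext(popupOverSite), assessLoginContext(normalTab));
```

In a real page the login form would call `assessLoginContext(window)` before rendering the credential fields and show a "please open this page directly" message instead when the list is non-empty. Modern browsers no longer let a script hide the address bar outright, so the painted-on chrome of the 2005 demo no longer fits; the `opener` check still catches the popup-over-a-legitimate-site pattern, and `isPopupRequested` remains useful for auditing what third-party scripts on your site ask the browser to open.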

The bad guys are more diabolical than Macgyver on a Starbucks bender. Always be suspicious.
