PDA

View Full Version : Phishing Technique Replaces Web Browser Address Bar



robsonde
07-05-2004, 11:31 PM
A dangerous new type of phishing attack has been detected that replaces the "Address" bar at the top of a Web browser with a working fake, using JavaScript. This technique allows the phisher to display a completely fraudulent Web address URL, while taking the consumer to the phisher's spoofed site.

This sophisticated new attack type does not make use of the MS Internet Explorer bug published last November, but extends the same visual effect to multiple browser platforms. It does so by automatically detecting the consumer's browser, and applying a custom JavaScript that replaces the look and feel of the Web address bar with an appropriately designed working fake.

http://www.antiphishing.org/news/03-31-04_Alert-FakeAddressBar.html

KingWave
08-05-2004, 12:02 AM
Brilliant, finally someone with half a clue.

robsonde
08-05-2004, 12:03 AM
who?

Shaun Minfie
08-05-2004, 08:27 AM
I'm guessing its sarcasm as in:

Oh billiant someone with more than half a clue has managed to attack multiple browsers and not just IE

Just a guess.

Madam_Lash
08-05-2004, 12:20 PM
Don't click that link. There is no guarantee that it won't install the phishing thing. It might install it on your computer

DON'T TRUST LINKS!!!!!!!!!

Jen C
08-05-2004, 01:11 PM
> Don't click that link. There is no guarantee that it
> won't install the phishing thing. It might install it
> on your computer

What makes you think that a malicious script will download when you click that link? Have you viewed that site before making such a statement? Can you please expand upon your statement?

The Anti-Phishing Working Group (APWG) (http://www.antiphishing.org/apwg.htm)
The Anti-Phishing Working Group (APWG)is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Where appropriate, the APWG will also look to share this information with law enforcement.

Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. Note that because phishing attacks and email fraud are sensitive subjects for many organizations that do business online, the APWG has a policy of maintaining the confidentiality of member organizations.

The Web site of the Anti-Phishing Working Group is www.antiphishing.org. It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks. The analysis, forensics, and archival of phishing attacks to the Web site are currently powered by Tumbleweed Communications' Message Protection Lab.

The APWG was founded by Tumbleweed Communications and a number of member banks, financial services institutions, and e-commerce providers. It held its first meeting in November 2003 in San Francisco.

Click below for more information on our privacy policy and legal notices.

* Privacy Policy
* Legal Notices

> DON'T TRUST LINKS!!!!!!!!!

Try not to use scare tactics on those who don't know better. Most threads will have links in them for offsite information. If a member of PF1 was found to be posting malicious links, they would not last long on this forum.

Shaun Minfie
08-05-2004, 02:54 PM
Well Said

Madam_Lash
08-05-2004, 04:57 PM
> Try not to use scare tactics on those who don't know
> better. Most threads will have links in them for
> offsite information. If a member of PF1 was found to
> be posting malicious links, they would not last long
> on this forum.

Iam not udsing scare tactics AT AL!!!!!! How many times are we told not to click an attachment? And here we have someone posting a link THAT COULD install something on yr comp. I was only warning people. Who knows where those links take you?

robsonde
08-05-2004, 06:10 PM
as the person who posted the link i must say the not clicking on it does make sence.

The question is do you show such caution every where on the internet?

it is for each of us to decide who we trust and being that you are new around here I dont blame you for not trusting every link you see.