Domain Registration Related News
Visual Spoofing Offers New Opportunities for
Phishers
Feb 2004
A new technique called "visual spoofing"
provides a way for Internet phishing scams to
convincingly mimic the web sites of banks and
credit card companies. The technique alters the
user interface of the web browser, substituting
images for parts of the browser interface that
would normally help users detect the fraud.
Visual spoofing, as outlined by Don Park, uses
JavaScript links to launch a new browser window
without scrollbars, menubars, toolbars and the
status bar. This coding trick is commonly used to
launch pop-up ads. In visual spoofing, these GUI
elements are replaced by images, allowing the site
creator to substitute a fake status bar containing
the URL for a legitimate site, along with an image
of a "lock" indicating a secure SSL site. Park has
posted a demo of the technique, which works in
multiple browsers. End users have the ability to
configure their browser to prevent this behavior.
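
An added example, not part of the original article or of Park's demo: a JavaScript check that scans page source for `window.open` calls whose feature string suppresses the status bar or address bar, the cues described above. It assumes the legacy popup behaviour in which a non-empty feature string disables every feature it does not list; the function names and the sample markup are constructed for illustration.

```javascript
// Added example (not from the article): flag window.open() calls that hide browser chrome.
const CHROME = ["location", "menubar", "toolbar", "status", "scrollbars"];

// Parse a window.open feature string ("a=yes,b=0,c") into a Map of name -> boolean.
function parseFeatures(spec) {
  const map = new Map();
  for (const part of spec.split(",")) {
    const [rawName, rawValue] = part.split("=");
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    const value = (rawValue ?? "yes").trim().toLowerCase();
    const n = Number.parseInt(value, 10);
    map.set(name, ["", "yes", "true"].includes(value) || (Number.isInteger(n) && n !== 0));
  }
  return map;
}

// Return the chrome elements a feature string suppresses.
// Assumption: legacy behaviour, where a non-empty string turns off anything it does not list.
function hiddenChrome(spec) {
  if (spec.trim() === "") return []; // empty string means a default, fully decorated window
  const features = parseFeatures(spec);
  return CHROME.filter((name) => features.get(name) !== true);
}

// Scan page source for window.open(url, name, features) calls with literal string arguments.
function findChromelessPopups(source) {
  const re = /window\.open\s*\(\s*(["'])(.*?)\1\s*,\s*(["'])(.*?)\3\s*,\s*(["'])(.*?)\5\s*\)/g;
  const findings = [];
  for (const m of source.matchAll(re)) {
    const hidden = hiddenChrome(m[6]);
    // Without a real status bar or address bar, an image can stand in for either one.
    if (hidden.includes("status") || hidden.includes("location")) {
      findings.push({ url: m[2], features: m[6], hidden });
    }
  }
  return findings;
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = `
<a href="javascript:window.open('https://login.example/', 'w', 'width=640,height=480,scrollbars=no,menubar=no,toolbar=no,status=no')">Sign in</a>
<a href="javascript:window.open('https://help.example/', 'h', 'location=yes,status=yes,toolbar=yes,menubar=yes,scrollbars=yes')">Help</a>
<a href="javascript:window.open('https://promo.example/', 'p', 'width=300,height=200')">Offer</a>
`;

console.log(findChromelessPopups(SAMPLE));
```

The third sample link is flagged even though it never mentions the status bar, because listing only a size leaves every chrome feature off under the assumed legacy behaviour.
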
Phishing attacks seek to trick account holders
into divulging sensitive account information
through the use of e-mails which appear to come
from trusted financial institutions and retailers.
Such scams have multiplied in recent months, with
many taking advantage of a bug in Internet
Explorer that made it easier for fraudsters to
simulate the URLs of target financial institutions.