New Style Of Phishing Attack Discovered
The rate of innovation in phishing has been underlined with the discovery of an attempt to hijack a website frame on a legitimate banking site.
Source: TechWorldThe hack was revealed this week by a UK security company.
Netcraft, which tracks such new forms of incursion using reports from its user community. The target in this instance was the online log-in of US-based Charter One Bank.
In contrast to established cross-scripting techniques where whole pages are hijacked by bogus sites, the new "cross-frame" scripting approach is able to inject content on to a real web page, making it extremely difficult to detect. The technique works by adding links to the frame further down in what otherwise appears to be the legitimate charterone.com website, without this being deemed invalid.
Anybody visiting the website while prey to the attack - after, say, following a phishing e-mail link - would have been presented with what looked like the real website, in which had been planted a fake "account update" form.
0