In association with heise online

03 January 2007, 16:21

Phishing with Phlash

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Lately, phishers have invented a new means to trick common anti-phishing toolbars and real-time analyses, such as those provided by the Internet Explorer 7. Instead of using traditional HTML forms to query log-in files, frauds rely on Flash elements to trick victims into entering their data. At best, current anti-phishing tools examine HTML and JavaScript code on a page to determine potential phishing characteristics. For Flash, this is not yet possible.

image 1 [400 x 249 Pixel @ 27 KB]
Zoom This site looks like the real PayPal front page, but is actually Flash recreation.

Although the entry form is the only link that works on these Flash pages and all other links cannot be clicked, the pages that have emerged, are good enough to deceive some users. The only remedy is to install a Flash blocker, which prevents Flash movies from being played automatically, for instance, the plug-in FlashBlock for Firefox.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit