In association with heise online

3 January 2007, 17:21

Phishing with Phlash

Phishers have recently found a new way to fool common anti-phishing toolbars and real-time analyses, such as those provided by Internet Explorer 7. Instead of using traditional HTML forms to request log-in data, the fraudsters rely on Flash elements to trick victims into entering their data. At best, current anti-phishing tools examine the HTML and JavaScript code on a page for characteristics that indicate phishing. For Flash content, this is not yet possible.

This site looks like the real PayPal front page, but is actually a Flash recreation.

Although the entry form is the only element that works on these Flash pages and none of the other links can be clicked, the pages that have emerged are good enough to deceive some users. The only remedy is to install a Flash blocker, which prevents Flash movies from being played automatically, for instance the FlashBlock plug-in for Firefox.
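The blind spot described above, as an added example (not code from the article or from any anti-phishing product): a markup-only check sees the password field of an HTML phishing page but nothing in a Flash recreation, so the sketch also flags pages that consist of a full-window Flash movie with no HTML links. The sample pages, the file names and the `100%` size rule are constructed assumptions.

```python
from html.parser import HTMLParser

FLASH_TYPE = "application/x-shockwave-flash"

class PageScan(HTMLParser):
    """Collects the signals a markup-only anti-phishing heuristic can see."""
    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.links = 0
        self.flash = []  # (width, height) of each Flash object/embed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        elif tag == "a" and a.get("href"):
            self.links += 1
        elif tag in ("object", "embed"):
            src = (a.get("data") or a.get("src") or "").lower().split("?")[0]
            if a.get("type", "").lower() == FLASH_TYPE or src.endswith(".swf"):
                self.flash.append((a.get("width", ""), a.get("height", "")))

def classify(html):
    scan = PageScan()
    scan.feed(html)
    if scan.password_fields:
        return "html-login-form"    # visible to HTML/JavaScript analysis
    # Assumed rule: a movie sized 100% of the window replaces the whole page.
    full_page = any("100%" in (w, h) for w, h in scan.flash)
    if full_page and scan.links == 0:
        return "opaque-flash-page"  # any form lives inside the movie, unseen
    return "no-signal"

# Constructed sample pages (not taken from any real site).
HTML_PHISH = ('<html><body><a href="/help">Help</a><form action="/login" method="post">'
              '<input type="text" name="email"><input type="password" name="pass">'
              '</form></body></html>')
FLASH_PHISH = ('<html><body style="margin:0"><embed src="frontpage.swf" '
               'type="application/x-shockwave-flash" width="100%" height="100%">'
               '</body></html>')
BENIGN = ('<html><body><a href="/news">News</a><p>Article text</p>'
          '<embed src="banner.swf" type="application/x-shockwave-flash" '
          'width="468" height="60"></body></html>')

if __name__ == "__main__":
    for name, page in [("html", HTML_PHISH), ("flash", FLASH_PHISH), ("benign", BENIGN)]:
        print(name, classify(page))
```

The second label only marks a page as opaque to markup analysis; it says nothing about what the movie actually displays.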


(trk)
