Phishing with Phlash
Lately, phishers have invented a new means to trick common anti-phishing toolbars and real-time analyses, such as those provided by the Internet Explorer 7. Instead of using traditional HTML forms to query log-in files, frauds rely on Flash elements to trick victims into entering their data. At best, current anti-phishing tools examine HTML and JavaScript code on a page to determine potential phishing characteristics. For Flash, this is not yet possible.
Although the entry form is the only link that works on these Flash pages and all other links cannot be clicked, the pages that have emerged, are good enough to deceive some users. The only remedy is to install a Flash blocker, which prevents Flash movies from being played automatically, for instance, the plug-in FlashBlock for Firefox.
- Flash Phishing, Blog entry at F-Secure
- Study: Anti-phishing software doesn't provide reliable protection, News at heise Security
(trk)