2005 - 918 views, 1 Comment

Summary: Microsoft has this week issued an advisory on a new trick which phishers are playing with users' web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which ...

Previous Article « What Everybody Ought to Know about Protecting Themselves from Credit Card Fraud and Identity Theft
Read Next Article » TrustSoft’s SpyKiller Scam Scans Canned with CAN-SPAM

Microsoft has this week issued an advisory on a new trick which phishers are playing with users’ web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which are automatically opened by a site which the user visits.

The way that it works is this: you visit a website - unbeknownst to you a phisher’s website - and that site redirects you to a real, legitimate site. So let’s say that you get an email with a link to YourBank.com, but it’s really a link to ThatPhisher.com. However, ThatPhisher.com invisibly redirects you to the real YourBank.com website, so what you see is your bank’s real, legitimate website.

However, at the same time, as your browser hits and passes through ThatPhisher.com, ThatPhisher.com causes your browser to pop-up one or more new windows or dialogue boxes, which prompt you to enter personal information for YourBank.com (such as your account information or password). You have no reason to think that the information is being requested by anyone other than YourBank.com, because hey, you’re at the real YourBank.com website!

Says the Microsoft advisory, “If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box.”

Good advice.

What to do if you are presented with such a new window or dialogue box?

Close them, go to your main browser window, and manually type in the address of the real website (in this case YourBank.com). If the window or dialogue box pops up again, then it was likely legitimate. If it doesn’t, well, you’ve just saved yourself from being phish phood.

Email the link for this page to a friend!

» A Browser Which Warns Users of Phishing? It’s True!

» Fake Windows W32.Sinnaka.a Alert Actually Front for Spy Trooper, World AntiSpy, PS Guard and Raze Spyware

» Microsoft Offers Windows Lite in Europe

For additional similar stories check out our archives on Good Guys, Phishing

1 Comment »

Opera is not affected by this phishing vulnerability: http://operawatch.blogspot.com/2005/06/opera-801-only-browser-of-major.html

Comment by Danny — 6/23/2005 @ 4:42 pm

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>