Microsoft Advisory on Web Browser Phishing Trick Involving Overlapping Browser Windows



Microsoft has this week issued an advisory on a new trick which phishers are playing with users’ web browsers, including Internet Explorer, although other web browsers can be manipulated as well. The trick involves the use of overlapping browser windows which are automatically opened by a site which the user visits.

Here is how it works: you visit a website (unbeknownst to you, a phisher’s website), and that site redirects you to a real, legitimate site. So let’s say that you get an email with a link to YourBank.com, but it’s really a link to ThatPhisher.com. However, ThatPhisher.com invisibly redirects you to the real YourBank.com website, so what you see is your bank’s real, legitimate website.

However, at the same time, as your browser hits and passes through ThatPhisher.com, ThatPhisher.com causes your browser to pop up one or more new windows or dialogue boxes, which prompt you to enter personal information for YourBank.com (such as your account information or password). You have no reason to think that the information is being requested by anyone other than YourBank.com, because hey, you’re at the real YourBank.com website!

Says the Microsoft advisory, “If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site’s certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box.”

Good advice.
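The advisory’s point is that a window opened without an address bar gives the user nothing to judge it by. Below is an added example (not from the article or from Microsoft’s advisory) of a small check a site owner or reviewer can run over page script: it scans for window.open() calls and flags the ones whose feature string would hide the address bar. The sample script it scans is constructed for this example, the feature-parsing rules approximate those in the HTML standard (a listed feature with no value counts as on; once any feature is given, unlisted chrome features count as off), and the regex only recognises three-argument calls with literal strings.

```javascript
// Added example, not the article's or Microsoft's code: flag window.open()
// calls whose feature string hides the address bar. Runs under Node.js.

// Browser chrome a user needs in order to see which site a window belongs to.
const CHROME_FEATURES = ['location', 'toolbar', 'menubar', 'status'];

// Parse "width=400,location=no,toolbar=0" into { width: '400', location: 'no', toolbar: '0' }.
function parseFeatures(featureString) {
  const features = {};
  for (const part of featureString.split(',')) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf('=');
    const key = (eq === -1 ? trimmed : trimmed.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : trimmed.slice(eq + 1).trim().toLowerCase();
    features[key] = value;
  }
  return features;
}

// Boolean feature value, approximating the HTML standard's rules:
// empty, "yes" and "true" are on; otherwise a non-zero integer is on, anything else is off.
function isOn(value) {
  if (value === '' || value === 'yes' || value === 'true') return true;
  const n = parseInt(value, 10);
  return !Number.isNaN(n) && n !== 0;
}

// List the chrome elements a feature string would hide. An empty feature
// string opens an ordinary window, so nothing is hidden in that case.
function hiddenChrome(featureString) {
  if (featureString.trim() === '') return [];
  const features = parseFeatures(featureString);
  // Once any feature is specified, unlisted chrome features default to off.
  return CHROME_FEATURES.filter((name) => !(name in features) || !isOn(features[name]));
}

// Regex scan for window.open('url', 'name', 'features') with literal strings.
// Good enough for a review checklist; it is not a JavaScript parser.
function auditWindowOpenCalls(source) {
  const openCall = /window\.open\s*\(\s*(['"`])(.*?)\1\s*,\s*(['"`])(.*?)\3\s*,\s*(['"`])(.*?)\5\s*\)/g;
  const findings = [];
  let m;
  while ((m = openCall.exec(source)) !== null) {
    const url = m[2];
    const features = m[6];
    const hidden = hiddenChrome(features);
    // A popup without an address bar is the case the advisory describes.
    if (hidden.includes('location')) {
      findings.push({ url, features, hidden });
    }
  }
  return findings;
}

// Constructed sample script: one popup keeps its address bar, two do not.
const SAMPLE_SCRIPT = `
  var help = window.open('https://example.com/help', 'help', 'width=600,height=400,location=yes,toolbar=yes');
  var login = window.open('https://example.com/login', 'login', 'width=400,height=300,location=no,toolbar=no');
  var bare = window.open('https://example.com/notice', 'notice', 'width=300');
`;

// Report what the scan finds in the sample.
for (const finding of auditWindowOpenCalls(SAMPLE_SCRIPT)) {
  console.log(`popup to ${finding.url} hides: ${finding.hidden.join(', ')}`);
}
```

Run with `node` and the scan reports the login and notice popups; the help popup keeps its address bar and is not flagged. The third call shows the less obvious case: a feature string that sets only a width still hides the address bar, because unlisted chrome features default to off once any feature is given.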

What to do if you are presented with such a new window or dialogue box?

Close them, go to your main browser window, and manually type in the address of the real website (in this case YourBank.com). If the window or dialogue box pops up again, then it was likely legitimate. If it doesn’t, well, you’ve just saved yourself from being phish phood.


1 Comment

1. Opera is not affected by this phishing vulnerability: http://operawatch.blogspot.com/2005/06/opera-801-only-browser-of-major.html

   Comment by Danny — 6/23/2005 @ 4:42 pm

This article first appeared on 6/23/2005
The Internet Patrol
Patrolling the Internet for You!