A new phishing tactic discovered by Internet security company SurfControl allows the phisher to take advantage of a weakness in a targeted company’s website, permitting them to use the company’s real URL, while serving up bogus look-alike content.
According to Susan Larson of SurfControl, “This is definitely one of the most sophisticated phishing techniques we have ever seen. Up until now, an informed computer user stood a chance or being able to identify a suspicious URL if they were wary. This new technique demonstrates how computer criminals are engaged in a constantly evolving series of increasingly sophisticated efforts to defraud the public.”
The way that it works is that the phisher exploits a flaw in the search script native to the targeted site. This allows them to display their own content as a search result, thus leaving the legitimate URL intact in the address bar. Non-legitimate URLs are one of the ways that intended victims of phishers have typically been able to identify a potential scam before being taken in by it.
|No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?