Script Injection Makes Phishing Harder to Catch

Discussion in 'other security issues & news' started by ronjor, Jul 20, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,057
    Location:
    Texas
    The main advantage of script-injection phishing attacks is that they are carried out on the trusted site itself. "If the user is vigilant and verifies the identity of the site by examining the SSL certificate, the attacker is still able to steal information," said Thomas Kristensen, chief technology officer at Denmark-based security firm Secunia. Such attacks work just as well on SSL sessions.


    http://tinyurl.com/6r5xq
     
    ronjor, Jul 20, 2004
    #1
  2. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Pretty scary, Rojor. Thanks for the post.

    I guess the best practice defense for this is never click on links in emails for any site that requires a logon. Is that good enough?
     
    optigrab, Jul 20, 2004
    #2
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Agreed. And here is an excerpt from the article Ronjor referred to.

    "All a user has to do to avoid the attack is to type in the trusted URL by hand or to find it via a trusted site such as a search engine. But scammers have shown that fake bank e-mails, for example, can be made very persuasive, experts say. "
     
    Dazed_and_Confused, Jul 21, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...