Script Injection Makes Phishing Harder to Catch

Discussion in 'other security issues & news' started by ronjor, Jul 20, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    The main advantage of script-injection phishing attacks is that they are carried out on the trusted site itself. "If the user is vigilant and verifies the identity of the site by examining the SSL certificate, the attacker is still able to steal information," said Thomas Kristensen, chief technology officer at Denmark-based security firm Secunia. Such attacks work just as well on SSL sessions.


    http://tinyurl.com/6r5xq
     
  2. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Pretty scary, Ronjor. Thanks for the post.

    I guess the best-practice defense for this is to never click on links in emails for any site that requires a logon. Is that good enough?
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Agreed. And here is an excerpt from the article Ronjor referred to.

    "All a user has to do to avoid the attack is to type in the trusted URL by hand or to find it via a trusted site such as a search engine. But scammers have shown that fake bank e-mails, for example, can be made very persuasive, experts say."
     