----- Original Message -----
Sent: Saturday, March 12, 2005 11:35 PM
Subject: Re: [Declude.JunkMail] New Phishing Scheme
----- Original Message -----
Sent: Saturday, March 12, 2005 8:24
PM
Subject: Re: [Declude.JunkMail] New
Phishing Scheme
Yep...it's been around a while... we first saw it
July of last year with a US Bank phishing attempt. It only affected
IE... and only when no other toolbars were installed. Firefox was
not vulnerable to it.
It was quite surprising, as it uses DHTML to
place a div over the URL window if the window is at the default offset from
the main window... surprising that IE allowed that...
Darin.
----- Original Message -----
Sent: Saturday, March 12, 2005 5:27 PM
Subject: [Declude.JunkMail] New Phishing Scheme
Hi, All-
Somebody has figured out how to use
_javascript_ to make a link look correct on the page, and in the status window
when you mouse over the link, while actually sending you to a phish site. So
it is no longer sufficient to check the status window, you actually have to
look at the page source to figure out whether a link goes where it
says.
Maybe some of you
have already seen this technique, but it's the first time I have
seen it in my inbox. I was waiting for this to happen, and I'm a
little surprised that I haven't seen it before. It's actually pretty
simple to do.
Since there are probably lurkers here,
I'll be happy to share the code OL with people I know if you want to see how
it's done. If the weight of opinion here is to share the
code openly, I will be happy do so.
-Dave Doherty
Skywaves,
Inc.
301-652-8822 x209
