Thursday, March 15, 2007

Phishing Attack with IE7?

http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

A very clear demonstration of how easily phishing can be carried out through IE7's built-in "Navigation Canceled" page, which is a local resource of the browser rather than a page served by the site you think you are visiting. The attacker sends the victim a link whose visible URL looks legitimate; that link lands the victim on the "Navigation Canceled" page for the apparently genuine address, and a script the attacker has planted in that page is waiting to redirect the victim elsewhere while the address bar keeps showing the "genuine" URL.

IE7 then offers to refresh the page to retry. When the user clicks that link, the script planted in the first step sends them to the attacker's page, with what looks like a perfectly legitimate URL still in the address bar. You have to see the video to appreciate how easy it is.
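To make the bug class concrete, here is an added illustration (not IE7's actual "Navigation Canceled" page code, and not from Aviv's post) of an error page that rebuilds its "Refresh the page" link from the URL it was handed, first without any validation and then hardened. The function names, the bank.example / evil.example hosts and the sample inputs are all constructed for this example.

```javascript
// Added illustration of the bug class (an untrusted URL reflected into a
// browser-local error page without validation). This is NOT IE7's
// navcancl.htm; names and hosts are hypothetical.

// Unsafe: the URL of the page that failed to load is interpolated straight
// into the markup of the "retry" link, so a crafted URL can close the href
// attribute and plant its own event handler. Clicking "Refresh" then runs
// the attacker's code instead of retrying the genuine address.
function buildRetryLinkUnsafe(failedUrl) {
  return '<a href="' + failedUrl + '">Refresh the page</a>';
}

// Minimal HTML escaping for text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: parse the URL, allow only http(s) (this rejects javascript:,
// data:, res: and friends), and escape the normalised result before it
// touches markup. Anything that does not qualify gets no retry link at all.
function buildRetryLinkSafe(failedUrl) {
  let parsed;
  try {
    parsed = new URL(failedUrl);
  } catch (e) {
    return null; // not a URL at all
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return null;
  }
  return '<a href="' + escapeHtml(parsed.href) + '">Refresh the page</a>';
}

// Constructed sample inputs: a genuine-looking address, the same address with
// a payload that breaks out of the href attribute, and a non-http scheme.
const SAMPLE_LEGIT = 'https://bank.example/login';
const SAMPLE_ATTACK = 'https://bank.example/login" onclick="location=\'https://evil.example/\'';
const SAMPLE_SCHEME = 'javascript:location=\'https://evil.example/\'';

if (typeof module !== 'undefined' && require.main === module) {
  console.log('unsafe :', buildRetryLinkUnsafe(SAMPLE_ATTACK));
  console.log('safe   :', buildRetryLinkSafe(SAMPLE_ATTACK));
  console.log('scheme :', buildRetryLinkSafe(SAMPLE_SCHEME));
}
```

Run it with `node` to see the unsafe link carrying a live `onclick` handler while the hardened version neutralises the same input: the WHATWG URL parser percent-encodes the quote and space, and the scheme check drops the `javascript:` variant outright.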

Steps to protect oneself:
Don't use IE7
Don't click on links directly; type the address in yourself and watch the spelling
Check for a proper, valid certificate if you land on a secure site (click the padlock icon to view it); since this attack fakes the address bar itself, the certificate is the better signal of where you really are

Sesh
