A new ‘undetectable’ phishing tactic has been hijacking the web pages of a major UK bank, according to security vendor Envisional.
Until now customers have been able to check a link in an email by moving the mouse over it, thus revealing a fraudulent URL addresses. But this new method shows the legitimate web address of the bank in question.
'This is a completely new and very dangerous threat,' said Envisional’s chief executive officer, Michael Wheatley. 'Even wary, sophisticated online banking customers will be caught out by this latest form of attack.'
The new approach exploits a vulnerability in the web site of the bank, allowing a link to look like it directs the user to the legitimate site. Actually the link sends the user to a framed mock-up of the bank's page that is really part of the phisher’s web site.
Source: Computing UK
No comments:
Post a Comment