|  Author | Topic: SPECIAL REPORT: Hackers grab IE's address bar (Read 885 times) |
jenn
Probie
member is offline
![[yim]](http://s4.images.proboards.com/yim.gif)
![[homepage]](http://s4.images.proboards.com/buttons/www_sm.gif)
Joined: Mar 2004
Gender: Female 
Posts: 6
Location: Bowdoinham, ME
|  | SPECIAL REPORT: Hackers grab IE's address bar
« Thread Started on May 7, 2004, 3:06pm » | |
What follows is an excerpt from a free newsletter to which I subscribe. The full text is available at http://BriansBuzz.com/w/040506
Two or three people have asked me about exactly this type of spam in the last week, so I thought I'd pass it on.
--John b.
============================================================
SPECIAL REPORT: Hackers grab IE's address bar
By Brian Livingston
Scam artists on the Internet have developed a way to make your browser's address bar say that you're viewing a legitimate Web site when you're actually visiting a malicious site instead. The new technique is known to affect Microsoft's Internet Explorer (IE) browser, but also affects the Netscape browser and possibly others as well.
This new rip-off method is a disturbing evolution in a fast-growing wave of e-mail scams called "phishing." The typical scheme involves an attempt to get victims to reveal a credit-card number, online banking password, or other personal information.
Here's how the latest exploit works:
A convincing-looking e-mail. You receive an e-mail message that looks exactly like a real notice from a bank, PayPal, eBay, or other financial institution. The message informs you that your account information has been lost in some way, and instructs you to visit the institution's Web site to re-enter your account details.
A convincing-looking Web page. A link in the message, when clicked, takes you to a page that looks exactly like the official site you'd expect to see, complete with a corporate logo and other design features. But the page is actually on a temporary domain name that's been set up for this purpose by the "phisher."
A hijacked address bar. Up to this point, the phishing exploit has been identical to hundreds of older scams that have plagued the Internet for months. The new wrinkle and the most frightening aspect is that the address bar of your browser says you're on a page of the financial institution's site. The actual Web address is invisible, because the phisher's site has run code that replaced your browser's real address bar with a fake one.
The fake address bar has an input box that actually works if you type in another site you wish visit. But the code that put up the fake address bar is still running until you close the browser. This raises the possibility so far unseen in the wild that the phisher's code could record other passwords you happen to enter at other sites.
The unfortunate answer is that social-engineering attacks, such as the phishing expeditions that try to get you to reveal your credit-card numbers and passwords, require social-engineering defenses. That means people must learn not to do things that defy common sense. It's ridiculous to think that your bank "forgot" your credit-card numbers and needs you to "re-enter them." But these exact appeals have worked because most people want to be on good terms with their bank and want to provide accurate information when asked to do so.
All my love 
Jen
|
"The Bible calls debt a curse and children a blessing.
But in our culture, we apply for a curse and reject blessings.
Something is wrong with this picture." -- Doug Phillip
|
|
Carnage
Techy
member is offline
![[avatar]](http://members.shaw.ca/ranjeevah/art/illustrator/big/carnage.jpg)
Ask me anything...
Joined: Mar 2004
Gender: Male 
Posts: 86
Location: Bowdoinham, Maine,USA
| | Re: SPECIAL REPORT: Hackers grab IE's address bar
« Reply #1 on May 7, 2004, 8:10pm » | |
wow, scary.
perhaps read the source code for every site like that? what a pain. 
|
Information is knowledge. Knowledge is power. Wisdom is knowing how to use it.
|
|
Sabyre
Guru
member is offline
Ignorance should never be tolerated!
Joined: Mar 2004
Gender: Male
Posts: 162
Location: ACS HQ
| | Re: SPECIAL REPORT: Hackers grab IE's address bar
« Reply #2 on May 8, 2004, 8:38am » | |
If you get an email from a reputable company about your account info being lost the first thing you should do is verify the integrity of the email. Dont just click on links in the email. Go to the comapnys website or call them and verify that your info has infact been lost. If you dont have that sort of common sence then you deserve to have you info comprimised.
|
"We are the music makers and we are the dreamers of the dreams" - Willy Wonka |
| |
|
![[Home]](http://s4.images.proboards.com/menu/home.gif)
![[Help]](http://s4.images.proboards.com/menu/help.gif)
![[Search]](http://s4.images.proboards.com/menu/search.gif)
![[Login]](http://s4.images.proboards.com/menu/login.gif)
![[Register]](http://s4.images.proboards.com/menu/register.gif)
![[Search This Thread]](http://s4.images.proboards.com/search2.gif)
![[Send Topic To Friend]](http://s4.images.proboards.com/buttons/sendtopic.gif)
![[Print]](http://s4.images.proboards.com/buttons/print.gif)
Logged