Researchers have discovered a new method used by criminals to hide the
location of phishing websites in email messages.
The technique uses a form that sends users to a phishing website after they
have pushed a button, security watchdog the SANS Internet Storm Centre has
warned. Traditionally, phishers employ a link in the body of the email
message.
Forms are commonly used by websites to allow users to send information back
to the sites, for instance to enter user names and passwords for logins.
A phishing email tries to lure the recipient to a website that the message
claims is from a trusted organisation like a bank or credit card company. The
aim of the message is to steal confidential information such as login names and
passwords.
A commonly used method claims that a bank's computer system has been hit by
an outage and that users need to re-enter their information to re-activate their
accounts. The email provides a link that leads to a forged website that
resembles the bank's official site.
Although regular HTML allows phishers to hide the true location of the link
to a certain degree, many email clients show the true address at the bottom of
the window when a user holds his mouse over the message.
The new method allows the criminal to hide the true location of the website
from the recipients, increasing the chance that they will believe the message
is genuine and fall for the scam.
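A mail filter can check for the form-based technique described above. The
following is an added example, not code from the article or from SANS: it
collects the host each HTML form in a message would submit to and flags forms
that post outside the sender's domain. The sample message and every domain
name in it are constructed, and the function names are hypothetical.

```python
# Added example (heuristic): where would the forms in this e-mail submit to?
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormFinder(HTMLParser):
    """Collect the action of every <form> plus any formaction override."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.targets.append(a.get("action") or "")
        elif tag in ("button", "input") and a.get("formaction"):
            self.targets.append(a["formaction"])


def form_targets(raw_message):
    """Return (sender_domain, [submit hosts]) across all text/html parts."""
    msg = message_from_string(raw_message, policy=default)
    sender = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    hosts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = FormFinder()
            finder.feed(part.get_content())
            hosts += [(urlparse(t).hostname or "").lower() for t in finder.targets]
    return sender, hosts


def is_suspicious(raw_message):
    """True if any form posts off the sender's domain (or has no usable host)."""
    sender, hosts = form_targets(raw_message)
    return any(h != sender and not h.endswith("." + sender) for h in hosts)


SAMPLE = """\
From: Example Bank <service@bank.example>
Subject: Re-activate your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Our systems had an outage.</p>
<form action="http://login.phish.example/verify" method="post">
<input type="submit" value="Re-activate"></form></body></html>
"""
```

The From header is itself forgeable, so this check catches the mismatch
between the claimed sender and the submit target; it is not proof of origin.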