Researchers have discovered a new method used by criminals to hide the location of phishing websites in email messages.
The technique uses a form that sends the users to phishing websites after they have pushed a button. Traditionally phishers employ a link in the body of the email message, security watchdog, the SANS Internet Storm Centre has warned.
Forms are commonly used by websites to allow users to send information back to the sites, for instance to enter user names and passwords for log ins.
A phishing email tries to lure the recipient to a website that the message claims is from a trusted organisation like a bank or credit card company. The aim of the message is to steal confidential information such as login names and passwords.
A commonly used method claims that a bank's computer system has been hit by an outage and that users need to re-enter their information to re-activate their accounts. The email provides a link that leads to a forged website that resembles the bank's official site.
Although regular HTML allows phishers to hide the true location of the link to a certain degree, many email clients show the true address in the bottom of the window when a users holds his mouse over the message.
The new method allows the criminal to hide the true location of the website to the recipients, increasing the chance that they will believe the message is genuine and fall for the scam.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago