BizReport


BizReport : Research : January 09, 2007


Phishers Get Flash

As online phishing detection evolves, so do the phishers.

by Helen Leggatt

In an attempt to circumvent browser phishing detectors, phishers have begun to use Flash instead of HTML.

Existing anti-phishing detectors scan a web page’s HTML code to determine whether the page is a fraudulent attempt to dupe users. Because these detectors see a Flash file as a single object, its contents aren’t scanned and the site user is not warned of a potential risk. The technique is similar to how spammers started using images in emails in the hope of outsmarting filters.

More often than not, these phishing sites are fake login pages, web forms or password reset pages that require the user to input personal data such as a password, credit card number or social security number.
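The blind spot described above can be shown with a small sketch. This is an added example, not code from the article or from any real anti-phishing product: it compares a scanner that looks only at HTML markup with one that also flags pages whose content is essentially a single Flash object. The verdict names, the 200-character text threshold and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class PageSummary(HTMLParser):
    """Records what a scanner that reads only HTML markup can see."""
    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.has_flash = False
        self.text_chars = 0
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "input" and a.get("type") == "password":
            self.password_fields += 1
        elif tag in ("object", "embed", "param"):
            ref = " ".join(a.get(k, "") for k in ("type", "data", "src", "value"))
            if ".swf" in ref or "x-shockwave-flash" in ref:
                self.has_flash = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())

def summarize(html):
    p = PageSummary()
    p.feed(html)
    p.close()
    return p

def html_only_verdict(html):
    """HTML-only scanner: it can act only on a credential form in the markup."""
    return "inspect-form" if summarize(html).password_fields else "nothing-to-scan"

def flash_aware_verdict(html, min_text=200):
    """Also flags pages that are little more than one Flash object (assumed threshold)."""
    s = summarize(html)
    if s.password_fields:
        return "inspect-form"
    return "opaque-flash-page" if s.has_flash and s.text_chars < min_text else "nothing-to-scan"

# Constructed sample pages: the same login prompt as HTML and wrapped in Flash.
HTML_LOGIN = '<html><body><h1>Sign in</h1><form method="post"><input type="text" name="user"><input type="password" name="pass"></form></body></html>'
FLASH_LOGIN = '<html><head><title>Sign in</title></head><body><object type="application/x-shockwave-flash" data="login.swf"><param name="movie" value="login.swf"></object></body></html>'
```

An "opaque-flash-page" verdict says only that the markup gives the scanner nothing to judge, so the page needs inspection by other means; it is not proof of phishing.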

"The crooks are always one step ahead of our technology, and this is another proof of that," Gartner’s Avivah Litan told SC Magazine.

Statistics released in the Anti-Phishing Working Group’s (APWG) latest report show that in summer and early fall of 2006, the number of phishing spoof sites soared. The number of unique phishing URLs was 37,444 in October, a 757 percent increase over the 4,367 reported by the APWG in October, 2005, and up some 236 percent from the 11,121 detected just six months before in April, 2006.

eBay, Bank of America and PayPal are among the most attacked sites, and financial services is the most targeted industry.

Michael Sutton, security researcher and blogger, was “...surprised to see that the top three targets - eBay, PayPal and Bank of America accounted for 63% of the active phishing sites. One amusing finding was that Yahoo! commonly hosts pages that phish...wait for it...Yahoo! credentials.” Sutton has a comprehensive breakdown of his findings on his blog.

Tags: Flash, phishing

Comments

I thought this interesting...yet another vulnerability. Sjk

Posted by: Greg on January 11, 2007 19:13

http://www.bizreport.com/2007/01/phishers_get_flash.html

 

 

Copyright © 1999-2008 BizReport Network. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.