Get our RSS feed
Search BizReport
News by Topic
Marketing
- Advertising
- Search Marketing
- Email Marketing
- Loyalty Marketing
- Mobile Marketing
- Social Marketing
- Viral Marketing
- Trends & Ideas
Beyond Marketing
BizReport : Research : January 09, 2007
Phishers Get Flash
As online phishing detection evolves, so do the phishers.
In an attempt to circumvent browser phishing detectors, phishers have begun to use Flash instead of HTML.
The existing anti-phishing devices scan a web page’s HTML code to detect whether it is a fraudulent attempt to dupe users. Because Flash files are seen by these detectors as a single object they aren’t scanned and the site user will not be warned of a potential risk. The technique is similar to how spammers started using images in emails in the hope that it would outsmart any filters.
More often than not, these phishing sites are fake login pages, web forms or password reset pages that require the user to input personal data such as a password, credit card number or social security number.
"The crooks are always one step ahead of our technology, and this is another proof of that," Gartner’s Avivah Litan told SC Magazine.
Statistics released in the Anti-Phishing Working Group’s (APWG) latest report show that in summer and early fall of 2006, the number of phishing spoof sites soared. The number of unique phishing URLs was 37,444 in October, a 757 percent increase over the 4,367 reported by the APWG in October, 2005, and up some 236 percent from the 11,121 detected just six months before in April, 2006.
Ebay, Bank of America and PayPal are amongst the most attacked sites and financial services is the most targeted industy.
Michael Sutton, security researcher and blogger, was “...surprised to see that the top three targets - eBay, PayPal and Bank of America accounted for 63% of the active phishing sites. One amusing finding was that Yahoo! commonly hosts pages that phish...wait for it...Yahoo! credentials.” Sutton has a comprehensive breakdown of his findings on his blog.
Subscribe to BizReport
Please enter your e-mail here:
Latest Headlines
- ExactTarget: Get email addresses while consumers shop
- A new use for online ads: Calculations
- OPA releases new ad units
- EA offers gaming ad advice
- Jivox adds map-targeting and creation tools to ad suite
- Ads for cheaper mobile plans?
- MerchantCircle offers city-centric coupons
- Catalyst: Googlers like Bing but won't remain loyal
Featured White Papers:
Social Media Marketing: 12 Essential Tips for Success
Learn how to effectively engage customer communities with a new, social marketing mix. >>
Featured Magazines:
Featured Research
- NEW! B-to-B Lead Generation Handbook
Special $200.00 discount for BizReport readers only!
Improve your results and the quality of your leads - download the full report right now.
Featured Financing Solution
- Small Business Loans Vs, Business Cash Advance
How can merchants access working capital quickly? A business cash advance offers small business owners fast financing based on credit card sales volume without the hassles normally associated with business bank loans or equipment leasing.
Comments
I thought this interesting...yet another vulnerability. Sjk
Posted by: Greg on January 11, 2007 19:13