Putting Phishers In The Banking Frame

Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross-site scripting attack, which lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank.

My phishing guru Daniel McNamara explains that the long URL — which begins with a legitimate-looking http://www.charterone.com and contains none of the usual hidden URLs further down the URL — actually contains a link to a frame, which “effectively allows the phishers to load a frame containing their site within the real charterone site”. This frame appears in the browser inside the legitimate page http://www.charterone.com/legalcenter/do_not_solicit_confirm.asp. It looks like this:


I’m going to run this by Charter One to see what they have to say about it, but as Daniel points out, “it’s a pretty bad failing. A fairly common one unfortunately.”
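
The failing described above, where the link's host is genuine and the frame arrives through a page parameter, shown as an added example that is not from the original post or the bank's site: the unencoded echo beside its encoded form, plus a check that flags frame markup in decoded parameter values. The `email` parameter name, the page text and the `.example` URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not the bank's code. The "email" parameter, the page
// text and every URL here are constructed for the example.
const SAMPLE_PAYLOAD = '<iframe src="http://phish.example/"></iframe>';
const SAMPLE_BENIGN = 'http://bank.example/confirm.asp?email=alice%40example.org';
const SAMPLE_INJECTED =
  'http://bank.example/confirm.asp?email=' + encodeURIComponent(SAMPLE_PAYLOAD);

// Vulnerable pattern: the query parameter is echoed into the page as raw HTML.
function renderConfirmUnsafe(email) {
  return `<p>We will no longer solicit ${email}.</p>`;
}

// Hardened pattern: HTML-encode the value so markup is displayed, not parsed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderConfirmSafe(email) {
  return `<p>We will no longer solicit ${escapeHtml(email)}.</p>`;
}

// Undo repeated percent-encoding; stop when stable or when decoding fails.
function fullyDecode(value, maxRounds = 3) {
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(value); } catch { return value; }
    if (next === value) break;
    value = next;
  }
  return value;
}

// Detection for mail filters or web logs: the host is genuine, so look for
// frame or script markup inside the decoded parameter values instead.
const MARKUP = /<\s*(i?frame|script|object|embed)\b/i;
function suspiciousParams(link) {
  const hits = [];
  for (const [name, value] of new URL(link).searchParams) {
    if (MARKUP.test(fullyDecode(value))) hits.push(name);
  }
  return hits;
}

console.log(suspiciousParams(SAMPLE_INJECTED));
console.log(renderConfirmSafe(SAMPLE_PAYLOAD));
```

Encoding at output is the fix; the parameter check is only a triage aid for links that point at a trusted host.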


  1. After contacting Charter One (well, their parent Citizens Bank) this hole has been plugged. They haven’t replied to my questions yet, however.
